VDB
RHSA-2022%3A0434
RHSA-2022%3A0434
PUBLISHED
CVSS 7.300000190734863 HIGH
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-serverless-1/kourier-control-rhel8@sha256:e37d553ea1c1708b82ea37815abdfe64f9531d56aefcaea4f18db8cf1c09bc0e_s390x as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/kourier-control-rhel8@sha256:e37d553ea1c1708b82ea37815abdfe64f9531d56aefcaea4f18db8cf1c09bc0e_s390x, * |
| Red Hat | openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ed09083dd0b38e9cfb515e6bbc1b3f160d1765c669dc23d91af1f6964c9e9ec5_amd64 as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/serving-webhook-rhel8@sha256:44f412fc7d99403385120937140d630efec6863d1ef8e9465ab6a493ccb179f5_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/serving-webhook-rhel8@sha256:44f412fc7d99403385120937140d630efec6863d1ef8e9465ab6a493ccb179f5_ppc64le |
| Red Hat | openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:d261b7ca2e725d5b7be390b048edebadacbf8d9c0163805438e397ca050f80ce_amd64 as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:a22110d49b5d32de35e4cd5ec6a56da150c76c68aee873e235a3d3f6207987c4_s390x as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/net-istio-controller-rhel8@sha256:00c268bb0c5dc22ebd288ef00e69ebfc168fcb609a0c0c7750b62e0a9018a51e_s390x as a component of Red Hat OpenShift Serverless 1.20 | *, openshift-serverless-1/net-istio-controller-rhel8@sha256:00c268bb0c5dc22ebd288ef00e69ebfc168fcb609a0c0c7750b62e0a9018a51e_s390x |
| Red Hat | openshift-serverless-1/eventing-mtping-rhel8@sha256:74869bed9d6ec00d4516efd64717a6eeef392bf86f43c98664b51f7054a37c35_amd64 as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/eventing-mtping-rhel8@sha256:74869bed9d6ec00d4516efd64717a6eeef392bf86f43c98664b51f7054a37c35_amd64 |
| Red Hat | openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:78c66c85a4b895f4b771d0475f7e0e93b36fef8f2dbcbd6e52fffc6697ced39b_amd64 as a component of Red Hat OpenShift Serverless 1.20 | * |
| Red Hat | openshift-serverless-1/eventing-webhook-rhel8@sha256:c78bd6d9d42d70d152733565d57516b2982b3343ae166a58f9330a1b3c6dd7eb_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/eventing-webhook-rhel8@sha256:c78bd6d9d42d70d152733565d57516b2982b3343ae166a58f9330a1b3c6dd7eb_ppc64le |
| Red Hat | openshift-serverless-1/serving-queue-rhel8@sha256:90b0d0593ef2ab05e6d1aba5016543e54046b5b3baa5c7025882d05997e85503_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/serving-queue-rhel8@sha256:90b0d0593ef2ab05e6d1aba5016543e54046b5b3baa5c7025882d05997e85503_ppc64le |
| Red Hat | openshift-serverless-1/serving-queue-rhel8@sha256:f2d8e81015e477ff7b0a6dc70343d904fa00b574a04285648cf8d4374ded8bae_s390x as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/svls-must-gather-rhel8@sha256:3e74ef8aa6bf751f3d74137b625287322f1a63a1448e1769968d68598d049c68_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | * |
| Red Hat | openshift-serverless-1/serving-controller-rhel8@sha256:2423823b744f3d2e4e8d225ff336e3cc12fb76a5fb8209101bdb6ded0ac8d1cf_amd64 as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/serving-controller-rhel8@sha256:2423823b744f3d2e4e8d225ff336e3cc12fb76a5fb8209101bdb6ded0ac8d1cf_amd64, * |
| Red Hat | openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:a84a32e3872b770c33cb08f4879abfc89fc1a1c917616b2ccc9389f2d495fe1b_s390x as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:a84a32e3872b770c33cb08f4879abfc89fc1a1c917616b2ccc9389f2d495fe1b_s390x |
| Red Hat | openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:8eff3546c303ed5cb50177f16d84a4908552c7c49d185cf8cbc9e2d0007d5cd3_amd64 as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/eventing-webhook-rhel8@sha256:4ce209284a2c25a7285062cd293293992fb5899199ab5c0a8a0e187b7ebf7d85_s390x as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/eventing-webhook-rhel8@sha256:4ce209284a2c25a7285062cd293293992fb5899199ab5c0a8a0e187b7ebf7d85_s390x, * |
| Red Hat | openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:84694bf72cfbee8fc35bc9b066ccf7518be198c4b16b21f1f116596b7b85433f_amd64 as a component of Red Hat OpenShift Serverless 1.20 | openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:84694bf72cfbee8fc35bc9b066ccf7518be198c4b16b21f1f116596b7b85433f_amd64 |
| Red Hat | openshift-serverless-1/eventing-controller-rhel8@sha256:13f141c7bcc40618ba84ea093ebea2e7a58f015b2a682aee7fc8f3bfc14228fb_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | *, openshift-serverless-1/eventing-controller-rhel8@sha256:13f141c7bcc40618ba84ea093ebea2e7a58f015b2a682aee7fc8f3bfc14228fb_ppc64le |
| Red Hat | openshift-serverless-1/client-kn-rhel8@sha256:5470547f1149716073b1e60ecf6345a090476d5e58c2be92ac6a9cf6ede056c2_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | *, * |
| Red Hat | openshift-serverless-1/eventing-webhook-rhel8@sha256:c78bd6d9d42d70d152733565d57516b2982b3343ae166a58f9330a1b3c6dd7eb_ppc64le as a component of Red Hat OpenShift Serverless 1.20 | *, openshift-serverless-1/eventing-webhook-rhel8@sha256:c78bd6d9d42d70d152733565d57516b2982b3343ae166a58f9330a1b3c6dd7eb_ppc64le |
…and 180 more
Timeline
- Feb 3, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:0434 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index advisory
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index advisory
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index advisory
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1992006 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2006044 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2012887 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2024838 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2024839 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0434.json advisory
- https://access.redhat.com/security/cve/CVE-2021-29923 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-29923 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-29923 advisory
- https://sick.codes/sick-2021-016/ advisory
- https://access.redhat.com/security/cve/CVE-2021-38297 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-38297 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-38297 advisory
- https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A advisory
…and 4 more