VDB
RHSA-2022%3A0855
RHSA-2022%3A0855
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:f8ec9adb6535f770e4f9bfcfb037ee34619cdb731e9f8db0cd1abb814111156b_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | *, openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:f8ec9adb6535f770e4f9bfcfb037ee34619cdb731e9f8db0cd1abb814111156b_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-rhel8-operator@sha256:ab9adc006067bdb848ce2a87649905e329f3f7b3c633700731285cd4d3408611_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-rhel8-operator@sha256:ab9adc006067bdb848ce2a87649905e329f3f7b3c633700731285cd4d3408611_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:f8ec9adb6535f770e4f9bfcfb037ee34619cdb731e9f8db0cd1abb814111156b_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:f8ec9adb6535f770e4f9bfcfb037ee34619cdb731e9f8db0cd1abb814111156b_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-rhel8-operator@sha256:ab9adc006067bdb848ce2a87649905e329f3f7b3c633700731285cd4d3408611_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-rhel8-operator@sha256:ab9adc006067bdb848ce2a87649905e329f3f7b3c633700731285cd4d3408611_amd64, * |
| Red Hat | openshift-sandboxed-containers/osc-monitor-rhel8@sha256:7a93384fe78dd82d8f754f1fd520880241a8467290c3a6fb50bb1cd748c80667_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-monitor-rhel8@sha256:7a93384fe78dd82d8f754f1fd520880241a8467290c3a6fb50bb1cd748c80667_amd64, openshift-sandboxed-containers/osc-monitor-rhel8@sha256:7a93384fe78dd82d8f754f1fd520880241a8467290c3a6fb50bb1cd748c80667_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-operator-bundle@sha256:54495b1d987c9381ecfb79f2401c8d4ca8aa7fa7616b25ff36db103bd75339e1_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-operator-bundle@sha256:54495b1d987c9381ecfb79f2401c8d4ca8aa7fa7616b25ff36db103bd75339e1_amd64, openshift-sandboxed-containers/osc-operator-bundle@sha256:54495b1d987c9381ecfb79f2401c8d4ca8aa7fa7616b25ff36db103bd75339e1_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-operator-bundle@sha256:54495b1d987c9381ecfb79f2401c8d4ca8aa7fa7616b25ff36db103bd75339e1_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-operator-bundle@sha256:54495b1d987c9381ecfb79f2401c8d4ca8aa7fa7616b25ff36db103bd75339e1_amd64 |
| Red Hat | openshift-sandboxed-containers/osc-monitor-rhel8@sha256:7a93384fe78dd82d8f754f1fd520880241a8467290c3a6fb50bb1cd748c80667_amd64 as a component of OpenShift Sandboxed Containers 1.2.0 | openshift-sandboxed-containers/osc-monitor-rhel8@sha256:7a93384fe78dd82d8f754f1fd520880241a8467290c3a6fb50bb1cd748c80667_amd64 |
Timeline
- Mar 14, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:0855 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1995656 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2030801 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2073310 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0855.json advisory
- https://access.redhat.com/security/cve/CVE-2021-36221 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-36221 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-36221 advisory
- https://groups.google.com/g/golang-announce/c/uHACNfXAZqk advisory
- https://access.redhat.com/security/cve/CVE-2021-44716 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-44716 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-44716 advisory
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k advisory