VDB
RHSA-2022%3A5525
RHSA-2022%3A5525
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:07d3b3260a410508168c6be3daf4409829734320c7a5c3532d8bff20f12bf457_s390x as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:07d3b3260a410508168c6be3daf4409829734320c7a5c3532d8bff20f12bf457_s390x |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:784d686cc3c2cec8b08204df52ff19693aea77513adeca186341ffecf90e2cb0_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:784d686cc3c2cec8b08204df52ff19693aea77513adeca186341ffecf90e2cb0_arm64 |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:7b0b4560ee8056a748fe2f0520fc37fc3061c978fff418cd1ad0544b512afae3_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:7b0b4560ee8056a748fe2f0520fc37fc3061c978fff418cd1ad0544b512afae3_amd64 |
| Red Hat | ocp-tools-4/service-binding-operator-bundle@sha256:44d2aa8f1f54834eae6500b04fc7d29c6082657fcb90467635483c934b23b8d8_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-operator-bundle@sha256:44d2aa8f1f54834eae6500b04fc7d29c6082657fcb90467635483c934b23b8d8_amd64 |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:7b0b4560ee8056a748fe2f0520fc37fc3061c978fff418cd1ad0544b512afae3_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:7b0b4560ee8056a748fe2f0520fc37fc3061c978fff418cd1ad0544b512afae3_amd64 |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:cd9e796396a18c4b0e39d7412aa7367d0fc371fab6144b7ac981db2235a403d5_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:cd9e796396a18c4b0e39d7412aa7367d0fc371fab6144b7ac981db2235a403d5_ppc64le |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:784d686cc3c2cec8b08204df52ff19693aea77513adeca186341ffecf90e2cb0_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:784d686cc3c2cec8b08204df52ff19693aea77513adeca186341ffecf90e2cb0_arm64 |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:cd9e796396a18c4b0e39d7412aa7367d0fc371fab6144b7ac981db2235a403d5_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-rhel8-operator@sha256:cd9e796396a18c4b0e39d7412aa7367d0fc371fab6144b7ac981db2235a403d5_ppc64le |
| Red Hat | ocp-tools-4/service-binding-operator-bundle@sha256:44d2aa8f1f54834eae6500b04fc7d29c6082657fcb90467635483c934b23b8d8_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | ocp-tools-4/service-binding-operator-bundle@sha256:44d2aa8f1f54834eae6500b04fc7d29c6082657fcb90467635483c934b23b8d8_amd64 |
| Red Hat | ocp-tools-4/service-binding-rhel8-operator@sha256:07d3b3260a410508168c6be3daf4409829734320c7a5c3532d8bff20f12bf457_s390x as a component of OpenShift Developer Tools and Services for OCP 4.7 for RHEL 8 | * |
Timeline
- Jul 7, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:5525 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://docs.openshift.com/container-platform/latest/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2100495 issue
- https://issues.redhat.com/browse/APPSVC-1133 advisory
- https://issues.redhat.com/browse/APPSVC-1135 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5525.json advisory
- https://access.redhat.com/security/cve/CVE-2021-38561 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-38561 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-38561 advisory
- https://pkg.go.dev/vuln/GO-2021-0113 advisory