VDB
RHSA-2022%3A6152
RHSA-2022%3A6152
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| golang | go | |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64 as a component of OSSO 1.1 for RHEL 8 | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64 |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64 as a component of OSSO 1.1 for RHEL 8 | |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64 as a component of OSSO 1.1 for RHEL 8 | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:777bb9e4d92ca645fb10cb85d3d0bbc35408e63d0dbddee200a85a018b6afc69_amd64 |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:752fb4e99e8d8dee18579aba58f34d5248822e77590a51c0d72ecbc726c90a4e_amd64 as a component of OSSO 1.1 for RHEL 8 | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:752fb4e99e8d8dee18579aba58f34d5248822e77590a51c0d72ecbc726c90a4e_amd64, *, * |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:752fb4e99e8d8dee18579aba58f34d5248822e77590a51c0d72ecbc726c90a4e_amd64 as a component of OSSO 1.1 for RHEL 8 | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:752fb4e99e8d8dee18579aba58f34d5248822e77590a51c0d72ecbc726c90a4e_amd64, *, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:752fb4e99e8d8dee18579aba58f34d5248822e77590a51c0d72ecbc726c90a4e_amd64 |
Timeline
- Sep 1, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:6152 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2077688 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2077689 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2092793 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2105001 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107342 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107371 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107374 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107376 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107383 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107386 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107388 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107390 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107392 issue
- https://issues.redhat.com/browse/WRKLDS-466 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6152.json advisory
- https://access.redhat.com/security/cve/CVE-2022-1705 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-1705 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-1705 advisory
…and 45 more