VDB
RHSA-2022%3A6283
RHSA-2022%3A6283
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/istio-rhel8-operator@sha256:fca5d871be638f67b4d9413acc0f08f07ce5664b3d8c7c303373f257c7fdaeef_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-rhel8-operator@sha256:fca5d871be638f67b4d9413acc0f08f07ce5664b3d8c7c303373f257c7fdaeef_ppc64le |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:7092fafcf5c8831e60fe1faece49bca217f87a57570c246e281982ae26825f20_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:7092fafcf5c8831e60fe1faece49bca217f87a57570c246e281982ae26825f20_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:50cb31bc63eb7e6ca7d89ff0e615e0c234df3e42301adaabe5a5898e5ae272e6_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:50cb31bc63eb7e6ca7d89ff0e615e0c234df3e42301adaabe5a5898e5ae272e6_ppc64le |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:9ceabd6dce676b1e8bf619e1ae9eea8ed2a906e28d48983fbe05e5ba9ca3d17f_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:9ceabd6dce676b1e8bf619e1ae9eea8ed2a906e28d48983fbe05e5ba9ca3d17f_s390x |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:5e0d2446f28fe46ad17a820db95ace2da09b02fab1cc9616265d482b4f724347_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:5e0d2446f28fe46ad17a820db95ace2da09b02fab1cc9616265d482b4f724347_ppc64le |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:b29c7f748528c0d2111ee22052d6e60f77705bad19da41fe05e3d2a73a84d620_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/istio-rhel8-operator@sha256:6f9a3465937f99f92d5b90e3ea8ff2b3f5a60cd1bb5133e28762471952cf221d_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-rhel8-operator@sha256:6f9a3465937f99f92d5b90e3ea8ff2b3f5a60cd1bb5133e28762471952cf221d_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:637aee2798808417c1f1ced161ed8b1ca8519713dfa3f2932b11656fd1289ba6_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:637aee2798808417c1f1ced161ed8b1ca8519713dfa3f2932b11656fd1289ba6_s390x |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:fb2fe2e0f345ae6945ab66b2024046f9e22562abfa23761bf500d267b559a8cb_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8@sha256:fb2fe2e0f345ae6945ab66b2024046f9e22562abfa23761bf500d267b559a8cb_ppc64le |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:0eca1c306690c8c2e2db17562cbbf6b1fcdc8296437b7746ea849822935be516_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:0eca1c306690c8c2e2db17562cbbf6b1fcdc8296437b7746ea849822935be516_amd64 |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:159143f23b25d9f16023c7cdd5a9e3b9533fe4d5a158736f7560c0996c3f42b0_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:159143f23b25d9f16023c7cdd5a9e3b9533fe4d5a158736f7560c0996c3f42b0_amd64 |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:661c004470c10b3f900fa2285b28e14a18667664d37e79b777d1693d732c0d7f_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:661c004470c10b3f900fa2285b28e14a18667664d37e79b777d1693d732c0d7f_ppc64le |
| Red Hat | openshift-service-mesh/istio-rhel8-operator@sha256:e2c6046a3fd8a730c859107a14af76ec60a1518a3dc066d198cc92e3d086a97e_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-rhel8-operator@sha256:e2c6046a3fd8a730c859107a14af76ec60a1518a3dc066d198cc92e3d086a97e_amd64 |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:235b0b6046018ae28c4b4b98d601b8db3f785cb30e295154879d5cd03b63e508_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:235b0b6046018ae28c4b4b98d601b8db3f785cb30e295154879d5cd03b63e508_amd64 |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:dbd36a3344790a8c9b759292b0949e963e73965d60392f2e824c63dcfae91b01_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:dbd36a3344790a8c9b759292b0949e963e73965d60392f2e824c63dcfae91b01_amd64 |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:2322141c966068eaed50d9db68752a2ecab6448d38d53fffc7b0258ad6643742_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:2322141c966068eaed50d9db68752a2ecab6448d38d53fffc7b0258ad6643742_s390x |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:e065f74026282422dc5f0f958802bc621808cf03551818a5ffe90934e4b40380_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:e065f74026282422dc5f0f958802bc621808cf03551818a5ffe90934e4b40380_s390x |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:62149d00c44d80f7c26ed749d4234f68208d1f46cd17cf75aa4a5c3b8a84b35c_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:62149d00c44d80f7c26ed749d4234f68208d1f46cd17cf75aa4a5c3b8a84b35c_ppc64le |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:088811647145f6a0ba8d57e451f14011279de320dc61cd9e67c03a941ee40827_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:088811647145f6a0ba8d57e451f14011279de320dc61cd9e67c03a941ee40827_s390x |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:37e88c819d5d8e3bb3419c96e7fc8698560013aac59b1638f5220abda37f8980_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:37e88c819d5d8e3bb3419c96e7fc8698560013aac59b1638f5220abda37f8980_amd64 |
…and 4 more
Timeline
- Aug 31, 2022 CVE Published
- Apr 29, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:6283 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2107371 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107376 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107386 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107388 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107390 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2107392 issue
- https://issues.redhat.com/browse/OSSM-1105 advisory
- https://issues.redhat.com/browse/OSSM-1205 advisory
- https://issues.redhat.com/browse/OSSM-1668 advisory
- https://issues.redhat.com/browse/OSSM-1718 advisory
- https://issues.redhat.com/browse/OSSM-1775 advisory
- https://issues.redhat.com/browse/OSSM-1800 advisory
- https://issues.redhat.com/browse/OSSM-1805 advisory
- https://issues.redhat.com/browse/OSSM-1846 advisory
- https://issues.redhat.com/browse/OSSM-1868 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6283.json advisory
- https://access.redhat.com/security/cve/CVE-2022-1705 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2107374 issue
…and 33 more