VDB
RHSA-2022%3A6318
RHSA-2022%3A6318
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-ansible-operator@sha256:aab2a25350d1d1489a09a77bc15555214e8e3a85fd4763d1858e482fcfccf07c_s390x as a component of Red Hat OpenShift Container Platform 4.9 | * |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:4ba28b55eb4cad28d8521f334d2ebc22dd4a903098911a40aa156fde6f1b2e3b_ppc64le as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-operator-sdk-rhel8@sha256:4ba28b55eb4cad28d8521f334d2ebc22dd4a903098911a40aa156fde6f1b2e3b_ppc64le |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:dcb7e3bb04ad6a367402dd6b459322df74a8c3e9b296823603b0588e50c86672_ppc64le as a component of Red Hat OpenShift Container Platform 4.9 | * |
| Red Hat | openshift4/ose-node-problem-detector-rhel8@sha256:29e51cc9d88efbf545852fddd49ce1f06beaafdfc81c6f702a4cf28c5304f107_ppc64le as a component of Red Hat OpenShift Container Platform 4.9 | * |
| Red Hat | openshift4/ose-sriov-network-device-plugin@sha256:fe91022ed0551c0120f569edb65624d6fd83ec6eb9483a2747b463a4e4a7e2a9_ppc64le as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-sriov-network-device-plugin@sha256:fe91022ed0551c0120f569edb65624d6fd83ec6eb9483a2747b463a4e4a7e2a9_ppc64le |
| Red Hat | openshift4/ose-sriov-network-device-plugin@sha256:5d8bbd5c3178d9db9fca251c69c1f3e4fa8c5bbea872e0da743bbb8ba29a906e_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-sriov-network-device-plugin@sha256:5d8bbd5c3178d9db9fca251c69c1f3e4fa8c5bbea872e0da743bbb8ba29a906e_amd64 |
| Red Hat | openshift4/ose-sriov-network-webhook@sha256:2b4371a8fb6860505fb126dd79148b33caa62d6b8d3a2ba24dd8c0f5574e3cd4_s390x as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-sriov-network-webhook@sha256:2b4371a8fb6860505fb126dd79148b33caa62d6b8d3a2ba24dd8c0f5574e3cd4_s390x |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:52b27027f00d90b386ca4c79a03b9605f1abfa8bfba99f7034ee2e252cf28ee6_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-operator-sdk-rhel8@sha256:52b27027f00d90b386ca4c79a03b9605f1abfa8bfba99f7034ee2e252cf28ee6_amd64 |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:b5e03578b14adf42f044db7c8b7eb67d0920a2c4d908da7976fc8d14a9e329a6_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-operator-sdk-rhel8@sha256:b5e03578b14adf42f044db7c8b7eb67d0920a2c4d908da7976fc8d14a9e329a6_arm64 |
| Red Hat | openshift4/ose-ptp@sha256:e325a7a2d9e3e752137b7361376effb022cd4a7e744388405a8f498d839531e1_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-ptp@sha256:e325a7a2d9e3e752137b7361376effb022cd4a7e744388405a8f498d839531e1_amd64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:986f98937827100be9e6e47a9912d444843c59bab86064e18d0e64b0a431e764_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-clusterresourceoverride-rhel8@sha256:986f98937827100be9e6e47a9912d444843c59bab86064e18d0e64b0a431e764_arm64 |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:a951404b33a17dca554c0ff060ea1a3ec1446f9389a22c9305e3ce61e4540bee_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:a951404b33a17dca554c0ff060ea1a3ec1446f9389a22c9305e3ce61e4540bee_amd64 |
| Red Hat | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:6e6fbfa43e2892a7a9dc90984e9c8b0c364f5a0c46c8bc2e8fb8ef84763b10c5_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:6e6fbfa43e2892a7a9dc90984e9c8b0c364f5a0c46c8bc2e8fb8ef84763b10c5_amd64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:d72650ebed3b7132feb37cb9114b77f36df71e37249e6cd67198e53bfc26dd27_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-clusterresourceoverride-rhel8@sha256:d72650ebed3b7132feb37cb9114b77f36df71e37249e6cd67198e53bfc26dd27_amd64 |
| Red Hat | openshift4/ose-cluster-capacity@sha256:b0c9af67116a57fe50ffaa87c9daf80cfa90191a0cf98014da8e1ff93c366274_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-cluster-capacity@sha256:b0c9af67116a57fe50ffaa87c9daf80cfa90191a0cf98014da8e1ff93c366274_arm64 |
| Red Hat | openshift4/ose-ptp@sha256:e325a7a2d9e3e752137b7361376effb022cd4a7e744388405a8f498d839531e1_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-ptp@sha256:e325a7a2d9e3e752137b7361376effb022cd4a7e744388405a8f498d839531e1_amd64 |
| Red Hat | openshift4/ose-ansible-operator@sha256:e7cd527466d35b1f37b5f57e44e4bf5d03f7c8643ae8ce7aa5547844dc045688_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-ansible-operator@sha256:e7cd527466d35b1f37b5f57e44e4bf5d03f7c8643ae8ce7aa5547844dc045688_arm64 |
| Red Hat | openshift4/ose-local-storage-static-provisioner@sha256:850c50c34e222ca2bd1e52f464f254d69742dfa38bcc87de9276ccfda418f4e6_amd64 as a component of Red Hat OpenShift Container Platform 4.9 | * |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:d3aff70876283c01ca9ac1730ff4fa30fb7ab580c4493704ec505252086ca858_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-egress-dns-proxy@sha256:d3aff70876283c01ca9ac1730ff4fa30fb7ab580c4493704ec505252086ca858_arm64 |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:0e2fe7e0133da3e3f0098e537046b325e950f98d92c71c63341768ced5bbf4c8_arm64 as a component of Red Hat OpenShift Container Platform 4.9 | openshift4/ose-sriov-network-config-daemon@sha256:0e2fe7e0133da3e3f0098e537046b325e950f98d92c71c63341768ced5bbf4c8_arm64 |
…and 332 more
Timeline
- Sep 12, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:6318 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2100495 issue
- https://issues.redhat.com/browse/OCPBUGS-831 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6318.json advisory
- https://access.redhat.com/security/cve/CVE-2021-38561 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-38561 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-38561 advisory
- https://pkg.go.dev/vuln/GO-2021-0113 advisory