VDB

RHSA-2023%3A1079

RHSA-2023%3A1079 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatrhosp-rhel8/osp-director-downloader@sha256:967c3a522c29c2d4cc5e7cb5753d835d8cf6f81100c5c2f04fe8582de33e88e3_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-downloader@sha256:967c3a522c29c2d4cc5e7cb5753d835d8cf6f81100c5c2f04fe8582de33e88e3_amd64
golanggo
Red Hatrhosp-rhel8/osp-director-operator-bundle@sha256:10b0abbec12aecb237e4b25b059c1187bdbd63273ab8313bd9d51c9730caca99_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-operator-bundle@sha256:10b0abbec12aecb237e4b25b059c1187bdbd63273ab8313bd9d51c9730caca99_amd64, *, rhosp-rhel8/osp-director-operator-bundle@sha256:10b0abbec12aecb237e4b25b059c1187bdbd63273ab8313bd9d51c9730caca99_amd64
Red Hatrhosp-rhel8/osp-director-operator@sha256:c49a0a5b2f1ff5068a4e6494ba3a1ccbebd9e2dfb6fd99364b9190d1225e19df_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-operator@sha256:c49a0a5b2f1ff5068a4e6494ba3a1ccbebd9e2dfb6fd99364b9190d1225e19df_amd64
Red Hatrhosp-rhel8/osp-director-agent@sha256:ebd4fcfacd4c31baee7498562d219ad6e7210a41b6b8cc05b6fc941b4c5d325f_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-agent@sha256:ebd4fcfacd4c31baee7498562d219ad6e7210a41b6b8cc05b6fc941b4c5d325f_amd64
Red Hatrhosp-rhel8/osp-director-downloader@sha256:967c3a522c29c2d4cc5e7cb5753d835d8cf6f81100c5c2f04fe8582de33e88e3_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-downloader@sha256:967c3a522c29c2d4cc5e7cb5753d835d8cf6f81100c5c2f04fe8582de33e88e3_amd64, *, *
Red Hatrhosp-rhel8/osp-director-operator@sha256:c49a0a5b2f1ff5068a4e6494ba3a1ccbebd9e2dfb6fd99364b9190d1225e19df_amd64 as a component of Red Hat OpenStack Platform 16.2*, *, rhosp-rhel8/osp-director-operator@sha256:c49a0a5b2f1ff5068a4e6494ba3a1ccbebd9e2dfb6fd99364b9190d1225e19df_amd64
Red Hatrhosp-rhel8/osp-director-agent@sha256:ebd4fcfacd4c31baee7498562d219ad6e7210a41b6b8cc05b6fc941b4c5d325f_amd64 as a component of Red Hat OpenStack Platform 16.2*, rhosp-rhel8/osp-director-agent@sha256:ebd4fcfacd4c31baee7498562d219ad6e7210a41b6b8cc05b6fc941b4c5d325f_amd64, rhosp-rhel8/osp-director-agent@sha256:ebd4fcfacd4c31baee7498562d219ad6e7210a41b6b8cc05b6fc941b4c5d325f_amd64
Red Hatrhosp-rhel8/osp-director-operator-bundle@sha256:10b0abbec12aecb237e4b25b059c1187bdbd63273ab8313bd9d51c9730caca99_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8/osp-director-operator-bundle@sha256:10b0abbec12aecb237e4b25b059c1187bdbd63273ab8313bd9d51c9730caca99_amd64

Timeline

  • Mar 6, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›