VDB
RHSA-2023%3A3943
RHSA-2023%3A3943
PUBLISHED
CVSS 7.5 HIGH
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64 as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64, advanced-cluster-security/rhacs-rhel8-operator@sha256:b366864281deb4b324c282380db13cfe0f0933361ebc706988a2cbaa403fe37a_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x as a component of RHACS 4.1 for RHEL 8 | *, advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x, advanced-cluster-security/rhacs-central-db-rhel8@sha256:4616744855907343d0be7fa1787e35b281ef3b66e5a23fab101b5e128f52ad3b_s390x |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:378d9937f14520c62e0badb320cc755806d2a517873b12d2f9f08fb857562433_amd64 as a component of RHACS 4.1 for RHEL 8 | *, *, * |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le, *, advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64 as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64, advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x, *, advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c1fadaff2477a1b5911c66488450112d2bec18fb3c98982ae191812745d6c841_s390x |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:977f07546dc7d0d8f5501e5fa64d311d8071d491b7ea4eb5f9577f88be890dac_ppc64le, *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x, *, * |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le, advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le, advanced-cluster-security/rhacs-central-db-rhel8@sha256:20fc9c1f2c050968b0f2d6b3011c5ced868fb7b05e6601a6a835bf681be30f09_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:45b357d9025f81d212c9121b31441b60940cf997b1a53bcfa6ae8ccc381b84ed_ppc64le, *, * |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64 as a component of RHACS 4.1 for RHEL 8 | *, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le, advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le, advanced-cluster-security/rhacs-main-rhel8@sha256:7e86701d783471db34743c44d527f55b02bb922b3bc270ce4c9f749885991730_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x, advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x, advanced-cluster-security/rhacs-scanner-rhel8@sha256:29ae0c58a01fc6439da2dd3b8ed3651ec23211dd4ce3be8a6f169b2fe2dcfecb_s390x |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ed0d8c9651090b6ddc7885a4a1542e636d35d7bc7644db1a95a16e10fa2a85ea_s390x, * |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x as a component of RHACS 4.1 for RHEL 8 | *, *, advanced-cluster-security/rhacs-main-rhel8@sha256:222b3ba1cf2a40cb31198091b667f351a78a65db1ed7537323c2e477c9878124_s390x |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64 as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e65f2cc299a72c836fcad4725fad101e9cbce840cdfbb5e998f79ae5a16ca4df_amd64 |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64 as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:2238b2405110f100d7e499fbb6313df6a41a543e07032f04c86b073f5472f73e_amd64, *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le as a component of RHACS 4.1 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0fc086b3aed2f0511d3b994a07a2ba3fcfdfa2a12b29d151e3b2ccbeb639a891_ppc64le, *, * |
…and 48 more
Timeline
- Jun 29, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 20, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:3943 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2064702 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184481 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184482 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184483 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184484 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3943.json advisory
- https://access.redhat.com/security/cve/CVE-2022-27191 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-27191 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-27191 advisory
- https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ advisory
- https://access.redhat.com/security/cve/CVE-2022-41723 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41723 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41723 advisory
- https://github.com/advisories/GHSA-vvpx-j8f3-3w6h advisory
- https://go.dev/cl/468135 advisory
- https://go.dev/cl/468295 advisory
…and 21 more