VDB
RHSA-2023%3A5974
RHSA-2023%3A5974
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x, network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x, * |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le, *, * |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x, *, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64, network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le, network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le, *, * |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x, network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x, network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64, *, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64, *, * |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x, * |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64, network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64, network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64, network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64, network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64, *, network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le, network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64, network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64, network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64, * |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64, network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64, network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64, network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64, network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64, network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64, network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 |
…and 20 more
Timeline
- Oct 20, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:5974 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2222167 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228743 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237773 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237776 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237777 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237778 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/NETOBSERV-1344 advisory
- https://issues.redhat.com/browse/NETOBSERV-926 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5974.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29406 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29406 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29406 advisory
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 advisory
- https://access.redhat.com/security/cve/CVE-2023-29409 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29409 advisory
…and 40 more