VDB
RHSA-2023%3A7222
RHSA-2023%3A7222
PUBLISHED
CVSS 7.5 HIGH
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:4e6233e51dbc216a28ef991f3b302e0a069736274d38ef4ff2109c04ae5e3f49_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-controller-rhel8@sha256:4e6233e51dbc216a28ef991f3b302e0a069736274d38ef4ff2109c04ae5e3f49_amd64 |
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:55b9b7db18dde0134a454b4b8adc66c1dbd94d426756c0732c39cf053cb9d42e_amd64 as a component of 8Base-RHMTC-1.8 | * |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:8f4dc5fc5556e6483530c5c0e6c229982f817a4cc93cb222aa031aa7c7019b68_amd64 as a component of 8Base-RHMTC-1.8 | * |
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:4e6233e51dbc216a28ef991f3b302e0a069736274d38ef4ff2109c04ae5e3f49_amd64 as a component of 8Base-RHMTC-1.8 | * |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:c64c103aa239ef04954214ca7ae9e6eb234cae7e716902e1d695a5220ff8316c_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rhel8-operator@sha256:c64c103aa239ef04954214ca7ae9e6eb234cae7e716902e1d695a5220ff8316c_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:c3a3adbca1dc38f75cbf940d26db533f7733f573bfb95ce0f5bb9e140d5bfe63_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-operator-bundle@sha256:c3a3adbca1dc38f75cbf940d26db533f7733f573bfb95ce0f5bb9e140d5bfe63_amd64 |
| Red Hat | rhmtc/openshift-migration-hook-runner-rhel8@sha256:73db4beeb2199823cfa10095b6c4826bfaf8105eb907f0306b775c497f3f6d74_amd64 as a component of 8Base-RHMTC-1.8 | * |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:1ccaffa6fd0efe47ec779366fc7c615f24df8749555c41fbbcca4b044ad39269_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-registry-rhel8@sha256:1ccaffa6fd0efe47ec779366fc7c615f24df8749555c41fbbcca4b044ad39269_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c1b54b7cf7117800228d737b20ed08c0a1f81e4b27dfad29819497a2bca9dbb_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c1b54b7cf7117800228d737b20ed08c0a1f81e4b27dfad29819497a2bca9dbb_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:63330daa85a555d601379a72f68ef2f0fe17ff02c2e9b6ade86015e00bfafefe_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-openvpn-rhel8@sha256:63330daa85a555d601379a72f68ef2f0fe17ff02c2e9b6ade86015e00bfafefe_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:63330daa85a555d601379a72f68ef2f0fe17ff02c2e9b6ade86015e00bfafefe_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-openvpn-rhel8@sha256:63330daa85a555d601379a72f68ef2f0fe17ff02c2e9b6ade86015e00bfafefe_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:c3a3adbca1dc38f75cbf940d26db533f7733f573bfb95ce0f5bb9e140d5bfe63_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-operator-bundle@sha256:c3a3adbca1dc38f75cbf940d26db533f7733f573bfb95ce0f5bb9e140d5bfe63_amd64 |
| Red Hat | rhmtc/openshift-migration-hook-runner-rhel8@sha256:73db4beeb2199823cfa10095b6c4826bfaf8105eb907f0306b775c497f3f6d74_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-hook-runner-rhel8@sha256:73db4beeb2199823cfa10095b6c4826bfaf8105eb907f0306b775c497f3f6d74_amd64 |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:c64c103aa239ef04954214ca7ae9e6eb234cae7e716902e1d695a5220ff8316c_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rhel8-operator@sha256:c64c103aa239ef04954214ca7ae9e6eb234cae7e716902e1d695a5220ff8316c_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:288df06c12dafcfe99e597010f5c43104a1b06ea1467bcc998e7fc7cb40a2c70_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-must-gather-rhel8@sha256:288df06c12dafcfe99e597010f5c43104a1b06ea1467bcc998e7fc7cb40a2c70_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c1b54b7cf7117800228d737b20ed08c0a1f81e4b27dfad29819497a2bca9dbb_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c1b54b7cf7117800228d737b20ed08c0a1f81e4b27dfad29819497a2bca9dbb_amd64 |
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:55b9b7db18dde0134a454b4b8adc66c1dbd94d426756c0732c39cf053cb9d42e_amd64 as a component of 8Base-RHMTC-1.8 | * |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:1ccaffa6fd0efe47ec779366fc7c615f24df8749555c41fbbcca4b044ad39269_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-registry-rhel8@sha256:1ccaffa6fd0efe47ec779366fc7c615f24df8749555c41fbbcca4b044ad39269_amd64 |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:80a6ac89439aef756037127b460fee129016846464e8327db6d30d9da912e4ec_amd64 as a component of 8Base-RHMTC-1.8 | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:80a6ac89439aef756037127b460fee129016846464e8327db6d30d9da912e4ec_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:288df06c12dafcfe99e597010f5c43104a1b06ea1467bcc998e7fc7cb40a2c70_amd64 as a component of 8Base-RHMTC-1.8 | * |
…and 2 more
Timeline
- Nov 15, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7222 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2216475 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2219310 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2246122 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7222.json advisory
- https://access.redhat.com/security/cve/CVE-2022-25883 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-25883 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-25883 advisory
- https://github.com/advisories/GHSA-c2qf-rxjj-qqgw advisory
- https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 advisory
- https://access.redhat.com/security/cve/CVE-2023-26136 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-26136 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-26136 advisory
- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e advisory
- https://github.com/salesforce/tough-cookie/issues/282 advisory
- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3 advisory
- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html advisory
- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 advisory