VDB
RHSA-2024%3A0281
RHSA-2024%3A0281
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64 as a component of OSSO 1.2 for RHEL 9 | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64 |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64 as a component of OSSO 1.2 for RHEL 9 | *, *, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:959d5567fa57212bb1d707c6cd0b67d47af4431d7b567f81bcb7e19892fdde30_amd64 |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64 as a component of OSSO 1.2 for RHEL 9 | openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64 |
| Red Hat | openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64 as a component of OSSO 1.2 for RHEL 9 | openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator@sha256:b085cface9e8b74c3a2588ac70ccb1ea75740065aa006d2993c7f7295154c9dc_amd64, *, * |
Timeline
- Mar 6, 2024 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- May 19, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0281 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2253193 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2253330 issue
- https://issues.redhat.com/browse/OCPBUGS-23328 advisory
- https://issues.redhat.com/browse/OCPBUGS-25130 advisory
- https://issues.redhat.com/browse/OCPBUGS-28584 advisory
- https://issues.redhat.com/browse/WRKLDS-899 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0281.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39326 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39326 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39326 advisory
- https://pkg.go.dev/vuln/GO-2023-2382 advisory
- https://access.redhat.com/security/cve/CVE-2023-45287 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45287 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45287 advisory
- https://pkg.go.dev/vuln/GO-2023-2375 advisory