VDB
RHSA-2024%3A0740
RHSA-2024%3A0740
PUBLISHED
CVSS 7.5 HIGH
A denial of service (DoS) vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ingress-node-firewall-rhel8-operator@sha256:d9bb4b9581362876de0353297d78e21ce0d66954b62fb3945e1c9d4a0825b8f3_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-helm-operator@sha256:d60fe156c3e6bf00831761bb4adf1d977972a5de2aac6065c288fc6f8b29aadb_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-helm-operator@sha256:d60fe156c3e6bf00831761bb4adf1d977972a5de2aac6065c288fc6f8b29aadb_ppc64le |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:f3473e692519e1bb8be303b149db43053658debf51ece65e1aebd2e67e7d1648_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-clusterresourceoverride-rhel8@sha256:f3473e692519e1bb8be303b149db43053658debf51ece65e1aebd2e67e7d1648_arm64 |
| Red Hat | openshift4/ose-local-storage-operator@sha256:abd477f4707e0e929f407d3ade840b47700f60ed38791640ad3b501677112e61_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-local-storage-operator@sha256:abd477f4707e0e929f407d3ade840b47700f60ed38791640ad3b501677112e61_ppc64le |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:f3fb4cbb46725421f9f68d4576ba4532dc3ba92ba3c733af11020ea049511788_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:f3fb4cbb46725421f9f68d4576ba4532dc3ba92ba3c733af11020ea049511788_arm64 |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:a4975d092b6e8673073674f309709ec6e16c3625458fcec633b365834f1ec616_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:a4975d092b6e8673073674f309709ec6e16c3625458fcec633b365834f1ec616_ppc64le |
| Red Hat | openshift4/ose-local-storage-operator@sha256:5f42d462dcbc0f6aca229c1856e6224d37d09dd4b895df55b7ca04486323a3ba_s390x as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:db21ead6e70d66d94a7f1592c0e0e7e517f02e040fc37d6776863ef1b23baab4_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-operator-sdk-rhel8@sha256:db21ead6e70d66d94a7f1592c0e0e7e517f02e040fc37d6776863ef1b23baab4_ppc64le |
| Red Hat | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:ec832a375bef6823c9d55cc38f9a0b66b245d8d0258f6bb8b707bab4df21c52d_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:ec832a375bef6823c9d55cc38f9a0b66b245d8d0258f6bb8b707bab4df21c52d_arm64 |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:15f0061d301251df9e344277455bb8d29826f79406f442791ef14b75ead9c20e_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-local-storage-mustgather-rhel8@sha256:15f0061d301251df9e344277455bb8d29826f79406f442791ef14b75ead9c20e_amd64 |
| Red Hat | openshift4/ose-egress-router@sha256:715b01ad115e9e95993e9a2440c6be9455fcfcdf0c2f11a3e4162d33e7798e6e_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-egress-router@sha256:715b01ad115e9e95993e9a2440c6be9455fcfcdf0c2f11a3e4162d33e7798e6e_arm64 |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:32604e2cf46b41e1451e82b7f69ed5e3d834c5e75e6ae770f27802f11d248f8d_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-ptp-operator@sha256:efdb4e62a7e8d2a95c1c497dccf0c3b22fd826334d902eb9ef476a72ed0e6690_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ptp-operator@sha256:efdb4e62a7e8d2a95c1c497dccf0c3b22fd826334d902eb9ef476a72ed0e6690_ppc64le |
| Red Hat | openshift4/ose-cluster-kube-descheduler-operator@sha256:c0c6dabbe42dd0339183ae50754ce9381b76079da6d7104f154f351beacd31b1_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-kube-descheduler-operator@sha256:c0c6dabbe42dd0339183ae50754ce9381b76079da6d7104f154f351beacd31b1_ppc64le |
| Red Hat | openshift4/ingress-node-firewall@sha256:934c680653a5a0f538ad71435dd8609bb9fbbf2bdead0d88ac578d905a56a05d_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-cloud-event-proxy@sha256:89a115120bed14561712319750a203bde32711536b9afcd74bb43eccdec28522_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-sriov-network-operator@sha256:0421aa4c9c5655d0ec769d80abce6c286187abe9db9ce3f6cf67c2810d40a684_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-sriov-network-operator@sha256:0421aa4c9c5655d0ec769d80abce6c286187abe9db9ce3f6cf67c2810d40a684_amd64 |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:748953836ef59d8aae304c9ae3fb07ce66c7b7b698916616c96a6a029edd90e4_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8e9a4a02446725cce6c8990e5a5e8c560e0066de5815b8ceba544ebd81847f25_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8e9a4a02446725cce6c8990e5a5e8c560e0066de5815b8ceba544ebd81847f25_amd64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:454036038f6bd5c16870a51086697179a7631557be5286619a57a12841cebcec_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:454036038f6bd5c16870a51086697179a7631557be5286619a57a12841cebcec_s390x |
…and 128 more
Timeline
- Feb 14, 2024 CVE Published
- Apr 24, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:0740 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258165 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0740.json advisory
- https://access.redhat.com/security/cve/CVE-2023-49568 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-49568 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-49568 advisory
- https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r advisory
- https://access.redhat.com/security/cve/CVE-2023-49569 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-49569 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-49569 advisory
- https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 advisory