VDB

RHSA-2025%3A0840

RHSA-2025%3A0840 PUBLISHED CVSS 7.5 HIGH

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-csi-snapshot-controller-rhel8@sha256:41a9acdb4fc1051ea6fe9a9873d6b3971ac4a4a850cf255138d3b91beff77054_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-csi-snapshot-controller-rhel8@sha256:41a9acdb4fc1051ea6fe9a9873d6b3971ac4a4a850cf255138d3b91beff77054_arm64
Red Hatopenshift4/ose-prometheus@sha256:f999b2f4d09c7180a053ac8e23bef08131b833c8bfdf51e0a591fb6a6ea4c59b_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-prometheus@sha256:f999b2f4d09c7180a053ac8e23bef08131b833c8bfdf51e0a591fb6a6ea4c59b_s390x
Red Hatopenshift4/ose-cluster-image-registry-operator@sha256:31c0d6cf7c60b5d005f0ec693d509ef16d8cda84a2a2e8da2c50f46a17fe38c5_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-image-registry-operator@sha256:31c0d6cf7c60b5d005f0ec693d509ef16d8cda84a2a2e8da2c50f46a17fe38c5_ppc64le
Red Hatopenshift4/ose-baremetal-machine-controllers@sha256:c7812f73b9fba966604018061d54e0d42945f09a3022d564658c1b48d98c7b0d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:9fe68da4d164fd3d5cd40824c5f9d81584a3160426175329c9532b46fd944fc3_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-olm-operator-controller-rhel8@sha256:c9edfdc76e00f63e081270bc99406e5ed0b386cc5b2ac5f21c2f9ed167e8155b_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-prom-label-proxy@sha256:39ba39493f0d5d4855bd0adbe44470b50dd82d032acfc9e12aed2b46f29bdd53_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-prom-label-proxy@sha256:39ba39493f0d5d4855bd0adbe44470b50dd82d032acfc9e12aed2b46f29bdd53_amd64
Red Hatopenshift4/ose-multus-admission-controller@sha256:86893cf47a9f2c2ac92d99fbe9fed262d9b1355f12553f3be4e8e94ac4797759_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-hypershift-rhel8@sha256:70f2eee51ba458521e91d4d204af1f2f74b4ca7cdc70ee80ac25ede434627a41_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-hypershift-rhel8@sha256:70f2eee51ba458521e91d4d204af1f2f74b4ca7cdc70ee80ac25ede434627a41_ppc64le
Red Hatopenshift4/ose-prometheus-node-exporter@sha256:5d019d3920db2a4c6947c736285ec98ffc058ed829f2aa0607990bd049cc5932_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-cluster-kube-scheduler-operator@sha256:3e6c5ad2380e57f3d7e43d174a5d01b007d531bcb839865cbb2c74936e581113_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-kube-scheduler-operator@sha256:3e6c5ad2380e57f3d7e43d174a5d01b007d531bcb839865cbb2c74936e581113_arm64
Red Hatopenshift4/ose-csi-external-provisioner@sha256:e300cf5c5c2949e4388078eca6252b7809163cb8dd613c5f88b1344fdd7174ba_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-installer@sha256:be4f7d29f155aa1eb4055ce804eacccb997ff022334145bf00ca61bdaa0b175f_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:6e22cc746425966491ee916bca7995be6b8cf83fd2186993decdc32bce268348_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:242c795fc3889daa34aa87922b5e70b94d237193b10457c27727e47062a5d272_s390x as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-kube-proxy@sha256:5a94d1849ecc1bf4dca289d29ec466ac10a1ca0453afb8c480c2465edc49306a_s390x as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:05bf798337ebb25383358c7295b26964e5305444a2c524149701b24f11bd02eb_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:05bf798337ebb25383358c7295b26964e5305444a2c524149701b24f11bd02eb_amd64
Red Hatopenshift4/ose-cloud-credential-operator@sha256:c4853d3a2aeada94f0970c8b0c2c8c95896d49994e92382919105cd61ae680b2_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cloud-credential-operator@sha256:c4853d3a2aeada94f0970c8b0c2c8c95896d49994e92382919105cd61ae680b2_ppc64le
Red Hatopenshift4/ose-csi-snapshot-controller@sha256:5c7cf7d248d06f7b4ba7c317f1b80ccdb09c81c8f618a4041ab2d6c75faad516_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-csi-snapshot-controller@sha256:5c7cf7d248d06f7b4ba7c317f1b80ccdb09c81c8f618a4041ab2d6c75faad516_s390x
Red Hatopenshift4/ose-cluster-monitoring-operator@sha256:f4df5d5003ca4e137aebbf4200eb43351c0fe47bdf5ad3a108da600fde134710_arm64 as a component of Red Hat OpenShift Container Platform 4.14*

…and 1336 more

Timeline

  • Feb 6, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›