VDB
RHSA-2025%3A0907
RHSA-2025%3A0907
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:202d116ef0d6208b1ed44c9bfb0c1527dad0e44031d2b9babe7fa25eee0197cd_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:4b9a01b61e1f72eb9103718c6fd08f89f3776ba2b0807a8721e890397c158475_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:6b5d06e7effb97bd532375e8982ff4396924355fccb161be19df0dc121a098a1_arm64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9929ec613b4bc008705bee775b56aec1c4729c2f0c1d572239a75424b246452b_amd64 as a component of RHACS 4.6 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9929ec613b4bc008705bee775b56aec1c4729c2f0c1d572239a75424b246452b_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:5f38522cec9a86c17a565cd3eff51c1960a9ea171a786d8af4244ca141f7f285_arm64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ecf659bdaeb9cbbfd0f5178ffc83b7b8474b5dd83ce565e50c57f18599dcd0a4_arm64 as a component of RHACS 4.6 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ecf659bdaeb9cbbfd0f5178ffc83b7b8474b5dd83ce565e50c57f18599dcd0a4_arm64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:dc6bc09d80acc2ca1cc43925c7dc634f4922b5e1849ff5a30280002f6767ad6e_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f902f9109751eba20c26a8cbe89c52c18467d8166ff33716c79390d743d756a0_amd64 as a component of RHACS 4.6 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f902f9109751eba20c26a8cbe89c52c18467d8166ff33716c79390d743d756a0_amd64, advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f902f9109751eba20c26a8cbe89c52c18467d8166ff33716c79390d743d756a0_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:202d116ef0d6208b1ed44c9bfb0c1527dad0e44031d2b9babe7fa25eee0197cd_ppc64le as a component of RHACS 4.6 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:202d116ef0d6208b1ed44c9bfb0c1527dad0e44031d2b9babe7fa25eee0197cd_ppc64le, * |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:897c5db46b7bf6a19edef564e7a220e1a805ce6430befa7bb84a7b20ffa658fe_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:05fc5fa02cb04737a083b29d0d344da428f8d0b8fe24229715d5d6512dbab2f1_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:5248ab4d7994e809e5cae15758231e7844dbd6772351b257cc4b0a90f4eb9ccd_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, advanced-cluster-security/rhacs-main-rhel8@sha256:5248ab4d7994e809e5cae15758231e7844dbd6772351b257cc4b0a90f4eb9ccd_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:fe38999c6c30224a453027c1cb9117df9d742c4056a8997054e7f299e266e9a8_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:797637fd0bc37a7b30704a1984e577c5f0b0a3c803ac310efa89bcfb1322799c_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:d38ac805c3a827fbc01686ec53909c919eeb4e5d62730a7ec67d29fbd00bf049_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f2109b7ec783bc98539c147b43a0b747f571a02bf78fd70220d3f9cbb5b2c9b4_ppc64le as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ecf659bdaeb9cbbfd0f5178ffc83b7b8474b5dd83ce565e50c57f18599dcd0a4_arm64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f902f9109751eba20c26a8cbe89c52c18467d8166ff33716c79390d743d756a0_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:15b02a2b037f2713fd3bad41506f606cb5bb7d4fe2263b54bc0597ecfa44bfb4_arm64 as a component of RHACS 4.6 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:15b02a2b037f2713fd3bad41506f606cb5bb7d4fe2263b54bc0597ecfa44bfb4_arm64, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:15b02a2b037f2713fd3bad41506f606cb5bb7d4fe2263b54bc0597ecfa44bfb4_arm64 |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:effc0cd6a09c7c1ce2b3a46a46ed4cb9f4b1ac65f3af783a7404a7b22a0d3db6_amd64 as a component of RHACS 4.6 for RHEL 8 | *, * |
…and 84 more
Timeline
- Feb 3, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:0907 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://docs.openshift.com/acs/4.6/release_notes/46-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2335888 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2335901 issue
- https://issues.redhat.com/browse/ROX-27748 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0907.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3333 advisory
- https://access.redhat.com/security/cve/CVE-2025-21613 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-21613 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-21613 advisory
- https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m advisory
- https://pkg.go.dev/vuln/GO-2025-3368 advisory
…and 5 more