VDB

RHSA-2025%3A15673

RHSA-2025%3A15673 PUBLISHED CVSS 7.5 HIGH

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ose-cluster-config-operator@sha256:fbfcdf38bf247d28562a2a1d877ce94102610c409350990d9fb5114ff75f9f1e_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:fbfcdf38bf247d28562a2a1d877ce94102610c409350990d9fb5114ff75f9f1e_amd64, *, registry.redhat.io/openshift4/ose-cluster-config-operator@sha256:fbfcdf38bf247d28562a2a1d877ce94102610c409350990d9fb5114ff75f9f1e_amd64
Red Hatregistry.redhat.io/openshift4/ose-machine-api-provider-openstack-rhel8@sha256:94386a722cf6b2435691c1c244aa18a52a3ebde78dceaf77b43b8ff148cdd98d_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, registry.redhat.io/openshift4/ose-machine-api-provider-openstack-rhel8@sha256:94386a722cf6b2435691c1c244aa18a52a3ebde78dceaf77b43b8ff148cdd98d_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-apiserver-network-proxy-rhel8@sha256:5a43a4461fed31018cc6af199ea4c672da105a85c695c2ac110ea89ce488d43d_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-apiserver-network-proxy-rhel8@sha256:5a43a4461fed31018cc6af199ea4c672da105a85c695c2ac110ea89ce488d43d_amd64, registry.redhat.io/openshift4/ose-apiserver-network-proxy-rhel8@sha256:5a43a4461fed31018cc6af199ea4c672da105a85c695c2ac110ea89ce488d43d_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-cloud-credential-operator@sha256:2f96b73c4c02f61f6a43cef1299fd4006b64013c1a84bd5b860ebccc7de501ed_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-cloud-credential-operator@sha256:2f96b73c4c02f61f6a43cef1299fd4006b64013c1a84bd5b860ebccc7de501ed_amd64, *, registry.redhat.io/openshift4/ose-cloud-credential-operator@sha256:2f96b73c4c02f61f6a43cef1299fd4006b64013c1a84bd5b860ebccc7de501ed_amd64
Red Hatregistry.redhat.io/openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:d9ca7d88822abaef6e80f1691ac60d8b4548384d961fbe73988e8319899deea5_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:d9ca7d88822abaef6e80f1691ac60d8b4548384d961fbe73988e8319899deea5_amd64, registry.redhat.io/openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:d9ca7d88822abaef6e80f1691ac60d8b4548384d961fbe73988e8319899deea5_amd64, registry.redhat.io/openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:d9ca7d88822abaef6e80f1691ac60d8b4548384d961fbe73988e8319899deea5_amd64
Red Hatregistry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:016ace2233c87f37ae33219827a925c6111ec6bc1562af673270b398309612cd_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:016ace2233c87f37ae33219827a925c6111ec6bc1562af673270b398309612cd_amd64, *, *
Red Hatregistry.redhat.io/openshift4/ose-etcd-rhel9@sha256:b7de106259bc14a705cf23e1be7bcdc14becb6defe0f59d40d5db5886b26958a_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, registry.redhat.io/openshift4/ose-etcd-rhel9@sha256:b7de106259bc14a705cf23e1be7bcdc14becb6defe0f59d40d5db5886b26958a_amd64, registry.redhat.io/openshift4/ose-etcd-rhel9@sha256:b7de106259bc14a705cf23e1be7bcdc14becb6defe0f59d40d5db5886b26958a_amd64
Red Hatregistry.redhat.io/openshift4/ose-powervs-block-csi-driver-rhel8@sha256:00ca69f50cf8b0d1a4dec60a0be182a8728bae65d5565d1fc2998ac4ae4bad96_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-powervs-block-csi-driver-rhel8@sha256:00ca69f50cf8b0d1a4dec60a0be182a8728bae65d5565d1fc2998ac4ae4bad96_amd64, registry.redhat.io/openshift4/ose-powervs-block-csi-driver-rhel8@sha256:00ca69f50cf8b0d1a4dec60a0be182a8728bae65d5565d1fc2998ac4ae4bad96_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64, registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64, registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64
Red Hatregistry.redhat.io/openshift4/ose-powervs-block-csi-driver-rhel8@sha256:00ca69f50cf8b0d1a4dec60a0be182a8728bae65d5565d1fc2998ac4ae4bad96_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, *
Red Hatregistry.redhat.io/openshift4/ovirt-csi-driver-rhel8-operator@sha256:069b12b7fe6990dab5dfc99646d53694fad3b37618236a598125d2f2e7103086_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ovirt-csi-driver-rhel8-operator@sha256:069b12b7fe6990dab5dfc99646d53694fad3b37618236a598125d2f2e7103086_amd64, registry.redhat.io/openshift4/ovirt-csi-driver-rhel8-operator@sha256:069b12b7fe6990dab5dfc99646d53694fad3b37618236a598125d2f2e7103086_amd64, registry.redhat.io/openshift4/ovirt-csi-driver-rhel8-operator@sha256:069b12b7fe6990dab5dfc99646d53694fad3b37618236a598125d2f2e7103086_amd64
Red Hatregistry.redhat.io/openshift4/ose-operator-registry@sha256:67c7a117e25285135c076f27f6162672e216e32d988f744a93d79df1ed2766ef_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-operator-registry@sha256:67c7a117e25285135c076f27f6162672e216e32d988f744a93d79df1ed2766ef_amd64, *, registry.redhat.io/openshift4/ose-operator-registry@sha256:67c7a117e25285135c076f27f6162672e216e32d988f744a93d79df1ed2766ef_amd64
Red Hatregistry.redhat.io/openshift4/ose-ovirt-machine-controllers-rhel8@sha256:241f36d9f66c59356d97a623b8fa6ba001f95bee02f1b136f9e73bbf5d3f7a96_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-ovirt-machine-controllers-rhel8@sha256:241f36d9f66c59356d97a623b8fa6ba001f95bee02f1b136f9e73bbf5d3f7a96_amd64, registry.redhat.io/openshift4/ose-ovirt-machine-controllers-rhel8@sha256:241f36d9f66c59356d97a623b8fa6ba001f95bee02f1b136f9e73bbf5d3f7a96_amd64, registry.redhat.io/openshift4/ose-ovirt-machine-controllers-rhel8@sha256:241f36d9f66c59356d97a623b8fa6ba001f95bee02f1b136f9e73bbf5d3f7a96_amd64
Red Hatregistry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:223e6f86b83478f5b0ccde4c7d735e917bad433f84d2cb4908a6c8480fb51b4a_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:223e6f86b83478f5b0ccde4c7d735e917bad433f84d2cb4908a6c8480fb51b4a_amd64, registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:223e6f86b83478f5b0ccde4c7d735e917bad433f84d2cb4908a6c8480fb51b4a_amd64, registry.redhat.io/openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:223e6f86b83478f5b0ccde4c7d735e917bad433f84d2cb4908a6c8480fb51b4a_amd64
Red Hatregistry.redhat.io/openshift4/ose-oauth-apiserver-rhel8@sha256:4a3fa7280dbf20e04d46fa4c6d38c5ca6d1867eccec13ba4c1e4980908278957_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-oauth-apiserver-rhel8@sha256:4a3fa7280dbf20e04d46fa4c6d38c5ca6d1867eccec13ba4c1e4980908278957_amd64, *, *
Red Hatregistry.redhat.io/openshift4/ose-deployer@sha256:d62e15336531af65ca8fb1fb95999fe1b6a0a10290185e1460731d8645a16e77_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-deployer@sha256:d62e15336531af65ca8fb1fb95999fe1b6a0a10290185e1460731d8645a16e77_amd64, registry.redhat.io/openshift4/ose-deployer@sha256:d62e15336531af65ca8fb1fb95999fe1b6a0a10290185e1460731d8645a16e77_amd64, registry.redhat.io/openshift4/ose-deployer@sha256:d62e15336531af65ca8fb1fb95999fe1b6a0a10290185e1460731d8645a16e77_amd64
Red Hatregistry.redhat.io/openshift4/ose-cluster-network-operator@sha256:3609e1d6b1bb1c40f56a129f8dd638e5d549618d0e88536079728462e1aa9955_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-cluster-network-operator@sha256:3609e1d6b1bb1c40f56a129f8dd638e5d549618d0e88536079728462e1aa9955_amd64, registry.redhat.io/openshift4/ose-cluster-network-operator@sha256:3609e1d6b1bb1c40f56a129f8dd638e5d549618d0e88536079728462e1aa9955_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:4be56f6f95efc27bf8aca7d43cf9b91908d6f6bc53dc5103a754a116e14ba855_amd64 as a component of Red Hat OpenShift Container Platform 4.13registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:4be56f6f95efc27bf8aca7d43cf9b91908d6f6bc53dc5103a754a116e14ba855_amd64, registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:4be56f6f95efc27bf8aca7d43cf9b91908d6f6bc53dc5103a754a116e14ba855_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:1c8c2901c11f7831601d5edcd67112e56a3d30b25f2f02cb559cd2e41f928e83_amd64
Red Hatregistry.redhat.io/openshift4/ose-baremetal-runtimecfg-rhel8@sha256:215f11a5f7fb0d11e2158b0ff630c25d1762ba1dc9369b79e893399afc923eb8_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, registry.redhat.io/openshift4/ose-baremetal-runtimecfg-rhel8@sha256:215f11a5f7fb0d11e2158b0ff630c25d1762ba1dc9369b79e893399afc923eb8_amd64, registry.redhat.io/openshift4/ose-baremetal-runtimecfg-rhel8@sha256:215f11a5f7fb0d11e2158b0ff630c25d1762ba1dc9369b79e893399afc923eb8_amd64

…and 363 more

Timeline

  • Sep 18, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jul 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›