VDB

RHSA-2025%3A23535

RHSA-2025%3A23535 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift-logging/vector-rhel9@sha256:fc793a57ed674bfab7bfa3fe90712ea139d5ac4c10bc248e2af053354aa59d83_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6*, registry.redhat.io/openshift-logging/vector-rhel9@sha256:fc793a57ed674bfab7bfa3fe90712ea139d5ac4c10bc248e2af053354aa59d83_amd64, *
Red Hatregistry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:61652d19b8a6ca9b9c6dc34b7bfc2415ef2684fcc86bf94a098e5b03a9c24fe4_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6*, *, registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:61652d19b8a6ca9b9c6dc34b7bfc2415ef2684fcc86bf94a098e5b03a9c24fe4_ppc64le
Red Hatregistry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:1b40836fec3571e4a9710120874fc75de3f6ea38829c8860d53b8e3ed76e632f_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:1b40836fec3571e4a9710120874fc75de3f6ea38829c8860d53b8e3ed76e632f_arm64, *, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:1b40836fec3571e4a9710120874fc75de3f6ea38829c8860d53b8e3ed76e632f_arm64
Red Hatregistry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64, registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64, registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64
Red Hatregistry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:829d2c60e16e59d8311d7348edac73677a9839378264b1d6a82215307a6b9f22_s390x as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:829d2c60e16e59d8311d7348edac73677a9839378264b1d6a82215307a6b9f22_s390x, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:829d2c60e16e59d8311d7348edac73677a9839378264b1d6a82215307a6b9f22_s390x, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:829d2c60e16e59d8311d7348edac73677a9839378264b1d6a82215307a6b9f22_s390x
Red Hatregistry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:7ffb21d2bd7207dcd7ce33fccf7d779f08931f1bfd823172b56a2eff7124dd75_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0*
Red Hatregistry.redhat.io/openshift-logging/vector-rhel9@sha256:fc793a57ed674bfab7bfa3fe90712ea139d5ac4c10bc248e2af053354aa59d83_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/vector-rhel9@sha256:fc793a57ed674bfab7bfa3fe90712ea139d5ac4c10bc248e2af053354aa59d83_amd64, registry.redhat.io/openshift-logging/vector-rhel9@sha256:fc793a57ed674bfab7bfa3fe90712ea139d5ac4c10bc248e2af053354aa59d83_amd64, *
Red Hatregistry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:e6ce4dbcb87786295696d784fe039b7275c1bbc9a6bdecb0d2e9ec5b6922bc7a_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:e6ce4dbcb87786295696d784fe039b7275c1bbc9a6bdecb0d2e9ec5b6922bc7a_ppc64le, registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:e6ce4dbcb87786295696d784fe039b7275c1bbc9a6bdecb0d2e9ec5b6922bc7a_ppc64le, registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:e6ce4dbcb87786295696d784fe039b7275c1bbc9a6bdecb0d2e9ec5b6922bc7a_ppc64le
Red Hatregistry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:bce21467c15cd0a822dbde6b5943b1c6f68c915b9893222fca0111da8b11d399_amd64, *, *
Red Hatregistry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:345b9e0c00ef641102898314742bdd4be793f899dcf6dec430da6abc5ab53e8a_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6*, *, registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:345b9e0c00ef641102898314742bdd4be793f899dcf6dec430da6abc5ab53e8a_ppc64le
Red Hatregistry.redhat.io/openshift-logging/vector-rhel9@sha256:f983defb833d61c9fb652ea9d43ec60ba57b3c822eccd7a3b930728d413275a2_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/vector-rhel9@sha256:f983defb833d61c9fb652ea9d43ec60ba57b3c822eccd7a3b930728d413275a2_ppc64le, *, registry.redhat.io/openshift-logging/vector-rhel9@sha256:f983defb833d61c9fb652ea9d43ec60ba57b3c822eccd7a3b930728d413275a2_ppc64le
Red Hatregistry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:9c3e5a34329dff33a1a29dae8a96ee24212edb032e10b9cccf345c5bdf6ac2a5_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:9c3e5a34329dff33a1a29dae8a96ee24212edb032e10b9cccf345c5bdf6ac2a5_amd64, registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:9c3e5a34329dff33a1a29dae8a96ee24212edb032e10b9cccf345c5bdf6ac2a5_amd64, registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:9c3e5a34329dff33a1a29dae8a96ee24212edb032e10b9cccf345c5bdf6ac2a5_amd64
Red Hatregistry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:a658762b93bc3e3113760b6778c45165a25c23144c354f5372a50ea197987b87_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6*, registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:a658762b93bc3e3113760b6778c45165a25c23144c354f5372a50ea197987b87_arm64, registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:a658762b93bc3e3113760b6778c45165a25c23144c354f5372a50ea197987b87_arm64
Red Hatregistry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:9c3e5a34329dff33a1a29dae8a96ee24212edb032e10b9cccf345c5bdf6ac2a5_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0*
Red Hatregistry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:131fd2a11c0b6911a0aefa29cef7ad6dcb7618ef0324246bb3303bc3c91c7cf9_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:131fd2a11c0b6911a0aefa29cef7ad6dcb7618ef0324246bb3303bc3c91c7cf9_ppc64le, *, registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:131fd2a11c0b6911a0aefa29cef7ad6dcb7618ef0324246bb3303bc3c91c7cf9_ppc64le
Red Hatregistry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:f8ba2cca143df538ffa21825d95789497207c3c9207f10ff8ba4c00c48797fa0_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:f8ba2cca143df538ffa21825d95789497207c3c9207f10ff8ba4c00c48797fa0_amd64, *, *
Red Hatregistry.redhat.io/openshift-logging/vector-rhel9@sha256:31eda02b3898d93abdeedae01a898ae4f96325c3fc878e35da1c1438fe867790_s390x as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/vector-rhel9@sha256:31eda02b3898d93abdeedae01a898ae4f96325c3fc878e35da1c1438fe867790_s390x, *, *
Red Hatregistry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:ece2162f631dddd7c91041ed0fd0c4446a322128593704be8e672e60660a86e1_s390x as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:ece2162f631dddd7c91041ed0fd0c4446a322128593704be8e672e60660a86e1_s390x, *, registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:ece2162f631dddd7c91041ed0fd0c4446a322128593704be8e672e60660a86e1_s390x
Red Hatregistry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:8c2ac63098801c50b78c588c7e29e7c3748a156874305437804e1e61e07129d3_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:8c2ac63098801c50b78c588c7e29e7c3748a156874305437804e1e61e07129d3_ppc64le, registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:8c2ac63098801c50b78c588c7e29e7c3748a156874305437804e1e61e07129d3_ppc64le, *
Red Hatregistry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:26bae3fe2cfa6bfd4c66f074b637b6be3ee491a8fcf59ea7f272849e2ee7d38e_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0*

…and 83 more

Exploit Intelligence

Timeline

  • Dec 17, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jun 18, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›