VDB

RHSA-2025%3A2440

RHSA-2025%3A2440 PUBLISHED CVSS 7.5 HIGH

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-sriov-network-device-plugin@sha256:bf6bdb56443e1e6b026a35cdc805520f2a454aa1819a787384f5fc84f65130e5_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/frr-rhel8@sha256:ffda58e2ce95cd3c8578ec2eeb740955ddb308559cd8937f7f959d89c64675d4_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-ptp@sha256:2f3758bedf361670564b9f21f95b16de1ac6869dd0615bd9d832594bb62fa5cc_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift-tech-preview/metallb-rhel8@sha256:e55bf3eef8c443da7211206b9348827d03372bc3212c2e4ec61dd2472b97a8c3_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift-tech-preview/metallb-rhel8@sha256:e55bf3eef8c443da7211206b9348827d03372bc3212c2e4ec61dd2472b97a8c3_amd64
Red Hatopenshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:47eed323797cebeb51b41925093eb241a01809ca7d98358842490715466d1b0d_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:47eed323797cebeb51b41925093eb241a01809ca7d98358842490715466d1b0d_amd64
Red Hatopenshift4/ose-contour-rhel8@sha256:215d61c220b3c288079ee16071bf6f270a5b0488de8a6a9406d5a78ddabdfcee_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-sriov-cni@sha256:057df9f468122a684af780a33ca92db57e632192ff1d693bf39136c8a764554d_amd64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:34cf999be72431e55c743d281044228b30b7e691667648262a9e6ad167fcbdc8_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ptp-must-gather-rhel8@sha256:4bf239af9f6990d75664c6cba1ff0eff4b2e0ded5545daee627eac34180415a4_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-sriov-network-webhook@sha256:f8b1120af54bc9bed7810e3dd443e7c96e5884b256a9a97b6a9146294e11deba_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2bdb25f4d67226a566fbcfbfe9f7aae615ac46cfa02f9adf1d78899df047e02a_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:a64cb6012d60e24df00c51bc8cb060b5b2b234fc78d2170d464272eb219a1730_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-helm-operator@sha256:de309e2a407204407a82f5df8b9bd2bec3266b529f261518a46a9bce8d83c042_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-helm-operator@sha256:de309e2a407204407a82f5df8b9bd2bec3266b529f261518a46a9bce8d83c042_amd64
Red Hatopenshift4/ose-egress-dns-proxy@sha256:d54c3b92081cf68479b05c4e88043901098fc47eda85db1fdfe61080ab054b14_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-egress-dns-proxy@sha256:d54c3b92081cf68479b05c4e88043901098fc47eda85db1fdfe61080ab054b14_amd64
Red Hatopenshift4/ose-local-storage-operator@sha256:ad05808f59edec4e04e7dfc9e6585522abd50f654d96ae606a1903c13820676a_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-cluster-capacity@sha256:d93323603db2631d6f2b1a22c584492eccb3e132728647f2ec7c1717677a2ed1_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
golangx/net/html
Red Hatopenshift4/cloud-event-proxy-rhel8@sha256:7e0b8355f7340caec58986215b184752ae6b6122af25a9b2441af0b5db0b7bb4_amd64 as a component of Red Hat OpenShift Container Platform 4.12*, *, *
Red Hatopenshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64

…and 70 more

Timeline

  • Mar 13, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›