VDB
RHSA-2025%3A2440
RHSA-2025%3A2440
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-sriov-network-device-plugin@sha256:bf6bdb56443e1e6b026a35cdc805520f2a454aa1819a787384f5fc84f65130e5_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/frr-rhel8@sha256:ffda58e2ce95cd3c8578ec2eeb740955ddb308559cd8937f7f959d89c64675d4_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-ptp@sha256:2f3758bedf361670564b9f21f95b16de1ac6869dd0615bd9d832594bb62fa5cc_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:e55bf3eef8c443da7211206b9348827d03372bc3212c2e4ec61dd2472b97a8c3_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift-tech-preview/metallb-rhel8@sha256:e55bf3eef8c443da7211206b9348827d03372bc3212c2e4ec61dd2472b97a8c3_amd64 |
| Red Hat | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:47eed323797cebeb51b41925093eb241a01809ca7d98358842490715466d1b0d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:47eed323797cebeb51b41925093eb241a01809ca7d98358842490715466d1b0d_amd64 |
| Red Hat | openshift4/ose-contour-rhel8@sha256:215d61c220b3c288079ee16071bf6f270a5b0488de8a6a9406d5a78ddabdfcee_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-cni@sha256:057df9f468122a684af780a33ca92db57e632192ff1d693bf39136c8a764554d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:34cf999be72431e55c743d281044228b30b7e691667648262a9e6ad167fcbdc8_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:4bf239af9f6990d75664c6cba1ff0eff4b2e0ded5545daee627eac34180415a4_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-network-webhook@sha256:f8b1120af54bc9bed7810e3dd443e7c96e5884b256a9a97b6a9146294e11deba_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2bdb25f4d67226a566fbcfbfe9f7aae615ac46cfa02f9adf1d78899df047e02a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:a64cb6012d60e24df00c51bc8cb060b5b2b234fc78d2170d464272eb219a1730_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-helm-operator@sha256:de309e2a407204407a82f5df8b9bd2bec3266b529f261518a46a9bce8d83c042_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-helm-operator@sha256:de309e2a407204407a82f5df8b9bd2bec3266b529f261518a46a9bce8d83c042_amd64 |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:d54c3b92081cf68479b05c4e88043901098fc47eda85db1fdfe61080ab054b14_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-egress-dns-proxy@sha256:d54c3b92081cf68479b05c4e88043901098fc47eda85db1fdfe61080ab054b14_amd64 |
| Red Hat | openshift4/ose-local-storage-operator@sha256:ad05808f59edec4e04e7dfc9e6585522abd50f654d96ae606a1903c13820676a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-cluster-capacity@sha256:d93323603db2631d6f2b1a22c584492eccb3e132728647f2ec7c1717677a2ed1_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| golang | x/net/html | |
| Red Hat | openshift4/cloud-event-proxy-rhel8@sha256:7e0b8355f7340caec58986215b184752ae6b6122af25a9b2441af0b5db0b7bb4_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-sriov-infiniband-cni@sha256:d32f23523748a7295044c47193f315e3b75880818574febd0368635d9fc189b0_amd64 |
…and 70 more
Timeline
- Mar 13, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:2440 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2440.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3333 advisory