VDB
RHSA-2025%3A3132
RHSA-2025%3A3132
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/opa-openshift-rhel9@sha256:a88fbeca3dce34d749a433de069ac020acd6446be807abbeebb699fbf60e1849_ppc64le as a component of RHOL 6.0 for RHEL 9 | openshift-logging/opa-openshift-rhel9@sha256:a88fbeca3dce34d749a433de069ac020acd6446be807abbeebb699fbf60e1849_ppc64le, *, openshift-logging/opa-openshift-rhel9@sha256:a88fbeca3dce34d749a433de069ac020acd6446be807abbeebb699fbf60e1849_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel9@sha256:4f287a5ae842fc8b87ba0ac19dd9909ce0fb17b4f4b6c582621b559b55a9c0ae_ppc64le as a component of RHOL 6.0 for RHEL 9 | openshift-logging/eventrouter-rhel9@sha256:4f287a5ae842fc8b87ba0ac19dd9909ce0fb17b4f4b6c582621b559b55a9c0ae_ppc64le, *, * |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:f6426dc70bc6bfce23a72163afb3229a28bbc340e1e5dbd42696534a6187b6eb_s390x as a component of RHOL 6.0 for RHEL 9 | openshift-logging/loki-rhel9-operator@sha256:f6426dc70bc6bfce23a72163afb3229a28bbc340e1e5dbd42696534a6187b6eb_s390x, openshift-logging/loki-rhel9-operator@sha256:f6426dc70bc6bfce23a72163afb3229a28bbc340e1e5dbd42696534a6187b6eb_s390x, openshift-logging/loki-rhel9-operator@sha256:f6426dc70bc6bfce23a72163afb3229a28bbc340e1e5dbd42696534a6187b6eb_s390x |
| Red Hat | openshift-logging/eventrouter-rhel9@sha256:6fc3e68cc69f8ce6eb93244fc344260b48ac68794da1ce78aeb4fad606576789_arm64 as a component of RHOL 6.0 for RHEL 9 | *, *, * |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:161fc8b97a1752329c7456a6e052b7bedb39a566bc0ba4b91a31a1360aabbaa8_arm64 as a component of RHOL 6.0 for RHEL 9 | openshift-logging/loki-rhel9-operator@sha256:161fc8b97a1752329c7456a6e052b7bedb39a566bc0ba4b91a31a1360aabbaa8_arm64, openshift-logging/loki-rhel9-operator@sha256:161fc8b97a1752329c7456a6e052b7bedb39a566bc0ba4b91a31a1360aabbaa8_arm64, openshift-logging/loki-rhel9-operator@sha256:161fc8b97a1752329c7456a6e052b7bedb39a566bc0ba4b91a31a1360aabbaa8_arm64 |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel9@sha256:e5fdace6353f81300d3fbf57d89ec1ea5038afdb2120cb0c524ce61d65424e34_ppc64le as a component of RHOL 6.0 for RHEL 9 | *, *, openshift-logging/log-file-metric-exporter-rhel9@sha256:e5fdace6353f81300d3fbf57d89ec1ea5038afdb2120cb0c524ce61d65424e34_ppc64le |
| Red Hat | openshift-logging/opa-openshift-rhel9@sha256:89d23ee10b06a32e8424014a6bad13ec4cacc9458a22d829f1539462c8757624_s390x as a component of RHOL 6.0 for RHEL 9 | openshift-logging/opa-openshift-rhel9@sha256:89d23ee10b06a32e8424014a6bad13ec4cacc9458a22d829f1539462c8757624_s390x, openshift-logging/opa-openshift-rhel9@sha256:89d23ee10b06a32e8424014a6bad13ec4cacc9458a22d829f1539462c8757624_s390x, openshift-logging/opa-openshift-rhel9@sha256:89d23ee10b06a32e8424014a6bad13ec4cacc9458a22d829f1539462c8757624_s390x |
| Red Hat | openshift-logging/cluster-logging-rhel9-operator@sha256:6646e0c4534894aab3169a534326a8bfbee5d4c384bdd94434613e4044c8acc6_amd64 as a component of RHOL 6.0 for RHEL 9 | *, openshift-logging/cluster-logging-rhel9-operator@sha256:6646e0c4534894aab3169a534326a8bfbee5d4c384bdd94434613e4044c8acc6_amd64, openshift-logging/cluster-logging-rhel9-operator@sha256:6646e0c4534894aab3169a534326a8bfbee5d4c384bdd94434613e4044c8acc6_amd64 |
| Red Hat | openshift-logging/vector-rhel9@sha256:4e73489bf07ff3376c3947f769902acfc206c6f3ed00cfd7f724f4022be97b44_ppc64le as a component of RHOL 6.0 for RHEL 9 | *, *, openshift-logging/vector-rhel9@sha256:4e73489bf07ff3376c3947f769902acfc206c6f3ed00cfd7f724f4022be97b44_ppc64le |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64 as a component of RHOL 6.0 for RHEL 9 | openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64, *, * |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:06322689631815e632be8ac68c784641801499b80c7f84ef65a6b6be7d87a85a_arm64 as a component of RHOL 6.0 for RHEL 9 | *, openshift-logging/lokistack-gateway-rhel9@sha256:06322689631815e632be8ac68c784641801499b80c7f84ef65a6b6be7d87a85a_arm64, openshift-logging/lokistack-gateway-rhel9@sha256:06322689631815e632be8ac68c784641801499b80c7f84ef65a6b6be7d87a85a_arm64 |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64 as a component of RHOL 6.0 for RHEL 9 | *, openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64, openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64 |
| Red Hat | openshift-logging/vector-rhel9@sha256:4544bf43eed07afab6f941b7f8fd56a635045eb3ac182bbd180d816a9fc10f76_amd64 as a component of RHOL 6.0 for RHEL 9 | *, *, * |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel9@sha256:0bc239163627bd0b502d74072d5fd8f6606b222784d24963bcc6d104353221c8_arm64 as a component of RHOL 6.0 for RHEL 9 | *, openshift-logging/log-file-metric-exporter-rhel9@sha256:0bc239163627bd0b502d74072d5fd8f6606b222784d24963bcc6d104353221c8_arm64, openshift-logging/log-file-metric-exporter-rhel9@sha256:0bc239163627bd0b502d74072d5fd8f6606b222784d24963bcc6d104353221c8_arm64 |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:f9f2c7e18a194440964e889c99bffd704b260eee5e4202575dd341fea4ab23fd_ppc64le as a component of RHOL 6.0 for RHEL 9 | openshift-logging/loki-rhel9-operator@sha256:f9f2c7e18a194440964e889c99bffd704b260eee5e4202575dd341fea4ab23fd_ppc64le, openshift-logging/loki-rhel9-operator@sha256:f9f2c7e18a194440964e889c99bffd704b260eee5e4202575dd341fea4ab23fd_ppc64le, * |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:55d833a3314752d84f5d8fecdec10e1ba933563991e444536aeae17b2e62c397_amd64 as a component of RHOL 6.0 for RHEL 9 | *, *, * |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64 as a component of RHOL 6.0 for RHEL 9 | openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64, openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64, openshift-logging/cluster-logging-operator-bundle@sha256:04347c5ffe4381dfc2ec48cafa04b65cd85b732ab32c361a03acadc6b12486c5_amd64 |
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:ac504d165b83e047af9d8c2a49f136b13e466c43d2d9f679850b3a32f44d96f3_s390x as a component of RHOL 6.0 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:ac504d165b83e047af9d8c2a49f136b13e466c43d2d9f679850b3a32f44d96f3_s390x, openshift-logging/logging-loki-rhel9@sha256:ac504d165b83e047af9d8c2a49f136b13e466c43d2d9f679850b3a32f44d96f3_s390x, openshift-logging/logging-loki-rhel9@sha256:ac504d165b83e047af9d8c2a49f136b13e466c43d2d9f679850b3a32f44d96f3_s390x |
| Red Hat | openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64 as a component of RHOL 6.0 for RHEL 9 | openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64, *, openshift-logging/loki-rhel9-operator@sha256:7e5c29156bfbfe36ba9a3fae143d5bfd4a4cbd6b586183e0338b356e3ebec4f0_amd64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:8159842ddd7237c3710ce6a93338bd3647d53a6355989f614a2bc26e8ed81452_s390x as a component of RHOL 6.0 for RHEL 9 | openshift-logging/lokistack-gateway-rhel9@sha256:8159842ddd7237c3710ce6a93338bd3647d53a6355989f614a2bc26e8ed81452_s390x, openshift-logging/lokistack-gateway-rhel9@sha256:8159842ddd7237c3710ce6a93338bd3647d53a6355989f614a2bc26e8ed81452_s390x, * |
…and 48 more
Exploit Intelligence
- DemoReseedInfra.kt (github-poc)
- scan.openvex.json (github-poc)
- vulncheck_test.go (github-poc)
Timeline
- Mar 26, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:3132 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2347423 issue
- https://issues.redhat.com/browse/LOG-6759 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3132.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3333 advisory
- https://access.redhat.com/security/cve/CVE-2025-27144 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-27144 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-27144 advisory
- https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22 advisory
- https://github.com/go-jose/go-jose/releases/tag/v4.0.5 advisory
- https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78 advisory