VDB

RHSA-2025%3A3500

RHSA-2025%3A3500 PUBLISHED CVSS 7.5 HIGH

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatodf4/rook-ceph-operator-bundle@sha256:df17a31226a5a883e07be468ac20fb153a334f5d8b2718c17d7cf448b28fbd47_s390x as a component of RHODF 4.17 for RHEL 9odf4/rook-ceph-operator-bundle@sha256:df17a31226a5a883e07be468ac20fb153a334f5d8b2718c17d7cf448b28fbd47_s390x
Red Hatodf4/odf-operator-bundle@sha256:14516c830d0abad30598bbb0268e865057672dcc22e85cfa7f7b28d73e06dc54_s390x as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-csi-addons-rhel9-operator@sha256:e9bea6672693d064ef865d4eaaacfcd5a8ef792ba2f3f36ae358995dcce281e5_ppc64le as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/mcg-operator-bundle@sha256:b399bbdde09923dd23bfc65d088894a79610e53d895c1de2d26e91850b2735f4_amd64 as a component of RHODF 4.17 for RHEL 9odf4/mcg-operator-bundle@sha256:b399bbdde09923dd23bfc65d088894a79610e53d895c1de2d26e91850b2735f4_amd64
Red Hatodf4/odf-csi-addons-rhel9-operator@sha256:cd948f94ceabaf729040a60ecf6603da00de782249c79691f6562cbb2b19d404_amd64 as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/cephcsi-rhel9@sha256:9e303d40097486dc50d743323ba6a8de7e3e2e5a8d8bc607728fed47220530a4_amd64 as a component of RHODF 4.17 for RHEL 9odf4/cephcsi-rhel9@sha256:9e303d40097486dc50d743323ba6a8de7e3e2e5a8d8bc607728fed47220530a4_amd64
Red Hatodf4/mcg-core-rhel9@sha256:6709b4595c2ca391378a8eff9d2b8d86475cf886c27d0ad12c5aa448203dd49f_ppc64le as a component of RHODF 4.17 for RHEL 9odf4/mcg-core-rhel9@sha256:6709b4595c2ca391378a8eff9d2b8d86475cf886c27d0ad12c5aa448203dd49f_ppc64le
Red Hatodf4/odr-rhel9-operator@sha256:ded381a718b98ea7a4abb7e75db96e98b84b73eb7529359ece7fa61ea0ab8eab_s390x as a component of RHODF 4.17 for RHEL 9odf4/odr-rhel9-operator@sha256:ded381a718b98ea7a4abb7e75db96e98b84b73eb7529359ece7fa61ea0ab8eab_s390x
Red Hatodf4/odf-cli-rhel9@sha256:4778eb4267c9bc0de3b16460eca81fda4f14e258ff9e549040b00e4e89905a0a_arm64 as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-csi-addons-rhel9-operator@sha256:4b45c8e60604449f6c74150baacb3d11e50b3a10e1e7e5a2ae5568b94e8eddfe_arm64 as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/ocs-operator-bundle@sha256:f8d44006d6ba9cc03f369b55d65922d21062fdc886a0ec45e5c4066e249affe4_s390x as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/ocs-client-rhel9-operator@sha256:83ff074d8c07017826fd332423ddd4d7893ddb64b0db6fc3e5994af11ec362d2_ppc64le as a component of RHODF 4.17 for RHEL 9odf4/ocs-client-rhel9-operator@sha256:83ff074d8c07017826fd332423ddd4d7893ddb64b0db6fc3e5994af11ec362d2_ppc64le
Red Hatodf4/odf-cosi-sidecar-rhel9@sha256:c70eb5b401fb8cf7cbbbb41f183027be6ca97a806481067103557a5fcad1de14_ppc64le as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/ocs-metrics-exporter-rhel9@sha256:963317814b12fc9024857eabc03252fcd5219fc94daf9727c0d15543c61cc57e_amd64 as a component of RHODF 4.17 for RHEL 9odf4/ocs-metrics-exporter-rhel9@sha256:963317814b12fc9024857eabc03252fcd5219fc94daf9727c0d15543c61cc57e_amd64
Red Hatodf4/odr-rhel9-operator@sha256:de563b32b7c20314a99e44a85e036884ad579b71f66e4beca89988fffe7f4ab6_ppc64le as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-console-rhel9@sha256:ff2d2d94d954ccbfc051247d8ed2c060dfd395b421a5fcd1da31c2bd4dc29d8b_s390x as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-csi-addons-rhel9-operator@sha256:933c9ca1ac5fa25d45bb519c44ab4830739f5822ad3136e4f8fbdf8484566423_s390x as a component of RHODF 4.17 for RHEL 9odf4/odf-csi-addons-rhel9-operator@sha256:933c9ca1ac5fa25d45bb519c44ab4830739f5822ad3136e4f8fbdf8484566423_s390x
Red Hatodf4/odf-cli-rhel9@sha256:050e0f2d20690c2a10f61c367652289395bf44b8de0bf9b304fb538e8ddd5ba8_ppc64le as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-csi-addons-sidecar-rhel9@sha256:a5d0c18c9af49ec036b10b3c5f74aee018e5104ce83bfdda42fac315ef492642_s390x as a component of RHODF 4.17 for RHEL 9*
Red Hatodf4/odf-prometheus-operator-bundle@sha256:b242be5f5d66e30089d038f5c236b5b1f8ae15925db9b108abd5d4651f5e981f_ppc64le as a component of RHODF 4.17 for RHEL 9*

…and 190 more

Exploit Intelligence

Timeline

  • Apr 1, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›