VDB
RHSA-2025%3A3973
RHSA-2025%3A3973
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:8be81317a62550832b4eb68aed1460620079b1cc5c0da4b981a01aed5810b2c3_amd64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:3cbe86e9f825a7b7136335c9e94dbfbb85dac8c67dbe77ad5cb2fae515963370_amd64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/virt-cdi-cloner-rhel9@sha256:ee20a3bf0273be64cf62e9a7ddc647058c20eda1fc4a12b97bf96a74f50e9538_amd64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-api-rhel9@sha256:e619df94c6b1736d92b8e33543f50b912cdd34c309384af18b08d58906d480b2_arm64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/virt-api-rhel9@sha256:e619df94c6b1736d92b8e33543f50b912cdd34c309384af18b08d58906d480b2_arm64 |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:837d81d3d80bd08e1bf5f8be6ded4393101b78efab4f8f94b5f3b558e5e57d20_arm64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:837d81d3d80bd08e1bf5f8be6ded4393101b78efab4f8f94b5f3b558e5e57d20_arm64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/libguestfs-tools-rhel9@sha256:ea9349926bc0415d8c092637a26bedd995293850b4a17c3bbac18d1bf1942d04_arm64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/mtq-operator-rhel9@sha256:588ca925e639ad1662a73c45062bada9295d804ac62797fc91dc2e65e3de64ad_arm64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-operator-rhel9@sha256:5bfc8b466707596e73456986ab1edd54c7e414ba2358e8b071f7ece80c71f8fa_amd64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/virt-operator-rhel9@sha256:5bfc8b466707596e73456986ab1edd54c7e414ba2358e8b071f7ece80c71f8fa_amd64 |
| Red Hat | container-native-virtualization/kubevirt-storage-checkup-rhel9@sha256:0e6bd537934ad198b1b8c3346a6a44abdc5ac8062a6f239e1ce13cf4a875c092_arm64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/libguestfs-tools-rhel9@sha256:9f3d7afbe5746fa6641dbb513794ddc61fae3d795f7fa5e1809791355d77777a_amd64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/libguestfs-tools-rhel9@sha256:9f3d7afbe5746fa6641dbb513794ddc61fae3d795f7fa5e1809791355d77777a_amd64 |
| Red Hat | container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:7ae29d47466ce974455ccd73908326c1e087674e7619c683e0a3b05c31d2afff_arm64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/kubevirt-ssp-operator-rhel9@sha256:7ae29d47466ce974455ccd73908326c1e087674e7619c683e0a3b05c31d2afff_arm64 |
| Red Hat | container-native-virtualization/virt-cdi-importer-rhel9@sha256:40801946d71d0a8ae84a0941f79652451d73fd289429330d5525aea27270e1c0_arm64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/wasp-agent-rhel9@sha256:bea6d4fd1ff0fbcfde5cddb0eab46f8ff55651496bc99f4d301000ed94d7baea_arm64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:fcfbd52d609a582da1f28a80b5fbff60b4b3e441b03e30f5383b3d67fb58b845_amd64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:fcfbd52d609a582da1f28a80b5fbff60b4b3e441b03e30f5383b3d67fb58b845_amd64 |
| Red Hat | container-native-virtualization/virt-exportserver-rhel9@sha256:34dcced345d2ce57d4270f338b0bab5ae4baa7692fa308abd7a3652e64554cc6_amd64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:3fd9e637f55f7c894f020d7984cc6fe46b78e11ece404ba8e5e6eda2af3310b4_amd64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:6b9a4e20f363ea5f7e46d238ed64bfdc2efeed90b45e59f05604aa0c4e12b53d_amd64 as a component of CNV 4.16 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-api-rhel9@sha256:e619df94c6b1736d92b8e33543f50b912cdd34c309384af18b08d58906d480b2_arm64 as a component of CNV 4.16 for RHEL 9 | *, * |
| Red Hat | container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:efe6822bced3a98ad5bf7a8701d0ad66f4d4505fb31030a3a34eef94df8aa44f_arm64 as a component of CNV 4.16 for RHEL 9 | container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:efe6822bced3a98ad5bf7a8701d0ad66f4d4505fb31030a3a34eef94df8aa44f_arm64 |
…and 197 more
Timeline
- Apr 17, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:3973 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2295310 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://issues.redhat.com/browse/CNV-48124 advisory
- https://issues.redhat.com/browse/CNV-48157 advisory
- https://issues.redhat.com/browse/CNV-48883 advisory
- https://issues.redhat.com/browse/CNV-48884 advisory
- https://issues.redhat.com/browse/CNV-50785 advisory
- https://issues.redhat.com/browse/CNV-51123 advisory
- https://issues.redhat.com/browse/CNV-52035 advisory
- https://issues.redhat.com/browse/CNV-54615 advisory
- https://issues.redhat.com/browse/CNV-54971 advisory
- https://issues.redhat.com/browse/CNV-55568 advisory
- https://issues.redhat.com/browse/CNV-56325 advisory
- https://issues.redhat.com/browse/CNV-56674 advisory
- https://issues.redhat.com/browse/CNV-56920 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3973.json advisory
- https://access.redhat.com/security/cve/CVE-2024-24791 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24791 advisory
…and 11 more