VDB
RHSA-2025%3A8299
RHSA-2025%3A8299
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-telemeter-rhel9@sha256:a0e7a01de7f921706bbfe57baf153313bd3ec5a9ed944c0fa9156c141d48e0dd_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-telemeter-rhel9@sha256:a0e7a01de7f921706bbfe57baf153313bd3ec5a9ed944c0fa9156c141d48e0dd_s390x, openshift4/ose-telemeter-rhel9@sha256:a0e7a01de7f921706bbfe57baf153313bd3ec5a9ed944c0fa9156c141d48e0dd_s390x |
| Red Hat | openshift4/ose-pod-rhel9@sha256:f51697d1a980121cb7acf00b133595f48bbb022782e9376726790319435f28a1_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel9@sha256:74921cb341c35aa5eeb124b716231612954167e4ad363ddd53d1bef73184742a_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-csi-external-snapshotter-rhel9@sha256:74921cb341c35aa5eeb124b716231612954167e4ad363ddd53d1bef73184742a_arm64, *, openshift4/ose-csi-external-snapshotter-rhel9@sha256:74921cb341c35aa5eeb124b716231612954167e4ad363ddd53d1bef73184742a_arm64 |
| Red Hat | openshift4/ose-cluster-network-rhel9-operator@sha256:0c8317fa3a52d689cc1337a4132e9904533cbb097a68daa1b3582cea88d039d7_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-cluster-network-rhel9-operator@sha256:0c8317fa3a52d689cc1337a4132e9904533cbb097a68daa1b3582cea88d039d7_arm64 |
| Red Hat | openshift4/ose-cluster-baremetal-operator-rhel9@sha256:42d70a03ba8cef288304b24af1854864d4f1a8e8bbbbcc05f476a30016dbd50f_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-baremetal-operator-rhel9@sha256:42d70a03ba8cef288304b24af1854864d4f1a8e8bbbbcc05f476a30016dbd50f_s390x, * |
| Red Hat | openshift4/ose-coredns-rhel9@sha256:c25901ee9f38cc5b768c4e83813c6e38d9e8828144c5100032be868f4b9eb44e_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-coredns-rhel9@sha256:c25901ee9f38cc5b768c4e83813c6e38d9e8828144c5100032be868f4b9eb44e_ppc64le |
| Red Hat | rhcos@sha256:a1d4c1638f4525cbf8d9eb9acc223fe8b4d51eb40161df205d137711fb931bd5_x86_64 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos@sha256:a1d4c1638f4525cbf8d9eb9acc223fe8b4d51eb40161df205d137711fb931bd5_x86_64, rhcos@sha256:a1d4c1638f4525cbf8d9eb9acc223fe8b4d51eb40161df205d137711fb931bd5_x86_64, rhcos@sha256:a1d4c1638f4525cbf8d9eb9acc223fe8b4d51eb40161df205d137711fb931bd5_x86_64 |
| Red Hat | openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:ba3d56d0c4e291b0afbf1f21c2247b08fcf23feac4805cb890d7e31d7f82bd1f_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:ba3d56d0c4e291b0afbf1f21c2247b08fcf23feac4805cb890d7e31d7f82bd1f_ppc64le, openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:ba3d56d0c4e291b0afbf1f21c2247b08fcf23feac4805cb890d7e31d7f82bd1f_ppc64le, openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:ba3d56d0c4e291b0afbf1f21c2247b08fcf23feac4805cb890d7e31d7f82bd1f_ppc64le |
| Red Hat | openshift4/ose-prometheus-operator-admission-webhook-rhel9@sha256:73303805a6aed3f67cffe19afc8cae14e5525907b7dcdec290230d761665cebd_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-prometheus-operator-admission-webhook-rhel9@sha256:73303805a6aed3f67cffe19afc8cae14e5525907b7dcdec290230d761665cebd_amd64, * |
| Red Hat | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:edfc03238fbc92f4345f5491a2d085c8293e82157f20829432f5fe64260216ad_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:edfc03238fbc92f4345f5491a2d085c8293e82157f20829432f5fe64260216ad_arm64, openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:edfc03238fbc92f4345f5491a2d085c8293e82157f20829432f5fe64260216ad_arm64 |
| Red Hat | openshift4/ose-kube-storage-version-migrator-rhel9@sha256:2792db87d84e99a7e4e5d5c307e3b8af90999aacf105f8954ffac19fa1266211_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-kube-storage-version-migrator-rhel9@sha256:2792db87d84e99a7e4e5d5c307e3b8af90999aacf105f8954ffac19fa1266211_s390x, *, openshift4/ose-kube-storage-version-migrator-rhel9@sha256:2792db87d84e99a7e4e5d5c307e3b8af90999aacf105f8954ffac19fa1266211_s390x |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:a453ad3c0eedc9bfc06a79c21db15f02a64b8c9b0eebc8bbe0551cd1a4f336ca_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/driver-toolkit-rhel9@sha256:a453ad3c0eedc9bfc06a79c21db15f02a64b8c9b0eebc8bbe0551cd1a4f336ca_amd64 |
| Red Hat | openshift4/ose-cluster-etcd-rhel9-operator@sha256:1a3ac217ad8475049b72df13254afbe58a5e518214f3ca902b42911173ef1dd4_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-etcd-rhel9-operator@sha256:1a3ac217ad8475049b72df13254afbe58a5e518214f3ca902b42911173ef1dd4_ppc64le, openshift4/ose-cluster-etcd-rhel9-operator@sha256:1a3ac217ad8475049b72df13254afbe58a5e518214f3ca902b42911173ef1dd4_ppc64le, openshift4/ose-cluster-etcd-rhel9-operator@sha256:1a3ac217ad8475049b72df13254afbe58a5e518214f3ca902b42911173ef1dd4_ppc64le |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:2ee95b3be7cfdedcd861113fc2ee213b1f6e251fe74107df09739ac0180a33f6_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/driver-toolkit-rhel9@sha256:2ee95b3be7cfdedcd861113fc2ee213b1f6e251fe74107df09739ac0180a33f6_s390x, openshift4/driver-toolkit-rhel9@sha256:2ee95b3be7cfdedcd861113fc2ee213b1f6e251fe74107df09739ac0180a33f6_s390x, * |
| Red Hat | openshift4/ose-sdn-rhel9@sha256:218498e4e9d292c0066f9ac9290397496b5149ef9facfe71ff086d8cab699d45_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-cluster-authentication-rhel9-operator@sha256:dfde9bb7e38100af94a894c5996db8400cd327859d3568c9a689a37024c99f37_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-cluster-update-keys-rhel9@sha256:f70dc7e63a8bd8e71d8c258d19e85bd4b427ef0b9612b047138d80c261211156_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-update-keys-rhel9@sha256:f70dc7e63a8bd8e71d8c258d19e85bd4b427ef0b9612b047138d80c261211156_amd64, openshift4/ose-cluster-update-keys-rhel9@sha256:f70dc7e63a8bd8e71d8c258d19e85bd4b427ef0b9612b047138d80c261211156_amd64 |
| Red Hat | openshift4/ose-cluster-autoscaler-rhel9@sha256:8dd509c91a1b59bc9437a5a3fc3b6cb049f856a24207331794c0226c27324b10_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-autoscaler-rhel9@sha256:8dd509c91a1b59bc9437a5a3fc3b6cb049f856a24207331794c0226c27324b10_ppc64le, openshift4/ose-cluster-autoscaler-rhel9@sha256:8dd509c91a1b59bc9437a5a3fc3b6cb049f856a24207331794c0226c27324b10_ppc64le |
| Red Hat | openshift4/ose-baremetal-rhel9-operator@sha256:853cf17d1c25db3e8dbca6172c01dd00bf58e77c4686bbc7fdd8781982911650_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-multus-networkpolicy-rhel9@sha256:48ae691c6f6680bca0738b8d0277b7d68811d9dba804d2a3e07e9852b78faaa9_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-multus-networkpolicy-rhel9@sha256:48ae691c6f6680bca0738b8d0277b7d68811d9dba804d2a3e07e9852b78faaa9_ppc64le, openshift4/ose-multus-networkpolicy-rhel9@sha256:48ae691c6f6680bca0738b8d0277b7d68811d9dba804d2a3e07e9852b78faaa9_ppc64le |
…and 887 more
Timeline
- Jun 4, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jun 18, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:8299 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2348366 issue
- https://issues.redhat.com/browse/OCPBUGS-52590 advisory
- https://issues.redhat.com/browse/OCPBUGS-54344 advisory
- https://issues.redhat.com/browse/OCPBUGS-56547 advisory
- https://issues.redhat.com/browse/OCPBUGS-56657 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8299.json advisory
- https://access.redhat.com/security/cve/CVE-2025-22868 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-22868 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-22868 advisory
- https://go.dev/cl/652155 advisory
- https://go.dev/issue/71490 advisory
- https://pkg.go.dev/vuln/GO-2025-3488 advisory