VDB
RHSA-2025%3A8301
RHSA-2025%3A8301
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-sriov-network-config-daemon-rhel9@sha256:856b55127386babf01cc49354b35886449bff8e8c9eff6d6fb3923d975a0da57_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-sriov-network-config-daemon-rhel9@sha256:856b55127386babf01cc49354b35886449bff8e8c9eff6d6fb3923d975a0da57_amd64 |
| Red Hat | openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:ef39b1219ed8de8620f479eaaf0413ebee838511c706cadd5e8fed249c4fe123_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:ef39b1219ed8de8620f479eaaf0413ebee838511c706cadd5e8fed249c4fe123_ppc64le |
| Red Hat | openshift4/nmstate-console-plugin-rhel8@sha256:168b74080836414cbc343d1cfa74dd4e5a92b5767e7049757f2d014decfc5c08_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | openshift4/ose-local-storage-diskmaker-rhel9@sha256:9461135ff5a90f9f2602dfdebd735ccffc2f43f0c8b1d8673b26b9f19e05e40d_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel9@sha256:9c433125b25391ff46fbda8dc82059be4251958d50ba934136d8eb64d387f362_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/sriov-cni-rhel9@sha256:e8c6f3e3fae798539cc866e63988c4590e297d4aaeca652af854dff9b7cad074_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/sriov-cni-rhel9@sha256:e8c6f3e3fae798539cc866e63988c4590e297d4aaeca652af854dff9b7cad074_arm64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9@sha256:dd4d8d3899974cf1cb8f8f4aea378e5a582eb5332efef2d74f13f40a2802e169_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:bacf3f81dcca91a9740d9f22f15bad535846a4b2245ec9efe4a904f986539bf3_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-sriov-network-device-plugin-rhel9@sha256:4c08444c90bb671ad2e6e5f7afdc401d98da8398090bfcf2d72836564cd91658_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/nmstate-console-plugin-rhel8@sha256:3bd4c4ea11089375923fc43c08a241c00d9e1723a81045bd5caec57ee4b536b8_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/nmstate-console-plugin-rhel8@sha256:3bd4c4ea11089375923fc43c08a241c00d9e1723a81045bd5caec57ee4b536b8_amd64 |
| Red Hat | openshift4/kubernetes-nmstate-rhel9-operator@sha256:294016049b514b4f87b0118b0322f29524a34e7f441e7eda56ed700256dcc5f6_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-cluster-nfd-rhel9-operator@sha256:b9ccf9f452f04fa76901a9f15fb17a3ec63ab5c9db65093537b0b56ce7680900_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/kubernetes-nmstate-rhel9-operator@sha256:5887950e620a318a9f05167883064099a92f23a22f4c2ab7155ee9185cd85d9c_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:79489cf474c1cb624785f6e58320e87fee0ff8769c16d2f225652194d1dd5394_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:79489cf474c1cb624785f6e58320e87fee0ff8769c16d2f225652194d1dd5394_ppc64le |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:1745a5ca40fb6ec07237723144f9ca52e2f9184c43f53b7170b119f23e1c0554_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:1745a5ca40fb6ec07237723144f9ca52e2f9184c43f53b7170b119f23e1c0554_ppc64le |
| Red Hat | openshift4/ose-sriov-network-config-daemon-rhel9@sha256:170fa8b2bdbabb272e8f1d2ee07f9abe268e61b1601fd8ef2c6a7160f2375ca2_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel9@sha256:bec87f854c4f44540f7744603d8326214e3dccdae8d59d3ad348659322f8759a_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-clusterresourceoverride-rhel9@sha256:bec87f854c4f44540f7744603d8326214e3dccdae8d59d3ad348659322f8759a_amd64 |
| Red Hat | openshift4/ose-local-storage-rhel9-operator@sha256:7cec3972abb47fb61679a19b7af51de0467211ff80d097bffa35c2cd0660fa06_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:62fd93e00d1470a9ff4ea0eaf43b290711362b2a25afefef1c20ec7cf814738a_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ptp-rhel9-operator@sha256:62fd93e00d1470a9ff4ea0eaf43b290711362b2a25afefef1c20ec7cf814738a_arm64 |
| Red Hat | openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:0e9a9070d685007eae988eb0eca2aedb709b01db4d7c990fc0596b032b874fc2_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | * |
…and 201 more
Timeline
- Jun 4, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 13, 2026 CVE Updated
References
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://access.redhat.com/errata/RHSA-2025:8301 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8301.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3333 advisory