VDB
RHSA-2025%3A9761
RHSA-2025%3A9761
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64 |
| Red Hat | openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64 |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64 |
| Red Hat | openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64 |
| Red Hat | openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le |
| Red Hat | openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64 |
| Red Hat | openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le |
| Red Hat | openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x |
| Red Hat | openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le |
| Red Hat | openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
…and 296 more
Timeline
- Jul 2, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jul 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:9761 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2333122 issue
- https://issues.redhat.com/browse/OCPBUGS-55953 advisory
- https://issues.redhat.com/browse/OCPBUGS-56135 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9761.json advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-45338 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45338 advisory
- https://go.dev/cl/637536 advisory
- https://go.dev/issue/70906 advisory
- https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3333 advisory