VDB

RHSA-2026%3A17121

RHSA-2026%3A17121 PUBLISHED CVSS 7.5 HIGH

A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:5c3fb43dee6299526b4c48d8a4c0a551ce138ff468bec663a29b7f174f4f2d9d_amd64 as a component of multicluster engine for Kubernetes 2.8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:319978f477315441f9bcfc8ecb40bde3ad84136d3e634627ce114b400263c593_ppc64le as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:cf5366023df8dafdc799931d295128ea6b80ef1c84da4fcdede321dd44676390_s390x as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatmulticluster engine for Kubernetes 2.8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:5c3fb43dee6299526b4c48d8a4c0a551ce138ff468bec663a29b7f174f4f2d9d_amd64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatmulticluster-engine/assisted-service-8-rhel8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:cf5366023df8dafdc799931d295128ea6b80ef1c84da4fcdede321dd44676390_s390x as a component of multicluster engine for Kubernetes 2.8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9ed7a2abd8c1949da891af2e7cbec5fbb03a58acf76048078b03c5ead7f4d5cd_arm64 as a component of multicluster engine for Kubernetes 2.8*, *, *
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:cf5366023df8dafdc799931d295128ea6b80ef1c84da4fcdede321dd44676390_s390x
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:319978f477315441f9bcfc8ecb40bde3ad84136d3e634627ce114b400263c593_ppc64le as a component of multicluster engine for Kubernetes 2.8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9ed7a2abd8c1949da891af2e7cbec5fbb03a58acf76048078b03c5ead7f4d5cd_arm64 as a component of multicluster engine for Kubernetes 2.8
Red Hatregistry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:319978f477315441f9bcfc8ecb40bde3ad84136d3e634627ce114b400263c593_ppc64le
Red Hat

Timeline

  • May 13, 2026 CVE Published
  • May 15, 2026 Distribution Patch
  • May 15, 2026 Distribution Patch
  • May 15, 2026 Security Advisory
  • May 15, 2026 Security Advisory
  • May 15, 2026 Security Advisory
  • May 15, 2026 Security Advisory
  • Jul 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›