VDB

RHSA-2026%3A20571

RHSA-2026%3A20571 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatskopeo-debuginfo-2:1.18.1-3.el10_0.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-2:1.18.1-3.el10_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
GoGo
golangGo
Red Hatskopeo-debugsource-2:1.18.1-3.el10_0.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debugsource-2:1.18.1-3.el10_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
golanggo
Red Hatskopeo-tests-2:1.18.1-3.el10_0.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debuginfo-2:1.18.1-3.el10_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-2:1.18.1-3.el10_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-2:1.18.1-3.el10_0.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debuginfo-2:1.18.1-3.el10_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debugsource-2:1.18.1-3.el10_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-2:1.18.1-3.el10_0.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-tests-2:1.18.1-3.el10_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debugsource-2:1.18.1-3.el10_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-2:1.18.1-3.el10_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10
Red Hatskopeo-debuginfo-2:1.18.1-3.el10_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)1.18.1-3.el10, 1.18.1-3.el10, 1.18.1-3.el10

…and 2 more

Timeline

  • May 26, 2026 CVE Published
  • May 28, 2026 Distribution Patch
  • May 28, 2026 Distribution Patch
  • May 28, 2026 Security Advisory
  • May 28, 2026 Security Advisory
  • May 28, 2026 Security Advisory
  • May 28, 2026 Security Advisory
  • Jun 23, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›