VDB

RHSA-2026%3A26054

RHSA-2026%3A26054 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatosbuild-composer-tests-debuginfo-0:132.2-8.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-debugsource-0:132.2-8.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-worker-0:132.2-8.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-core-0:132.2-8.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-0:132.2-8.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-worker-0:132.2-8.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-debuginfo-0:132.2-8.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-debugsource-0:132.2-8.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-debuginfo-0:132.2-8.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-worker-debuginfo-0:132.2-8.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-core-debuginfo-0:132.2-8.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer
Red Hatosbuild-composer-worker-debuginfo-0:132.2-8.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-worker-0:132.2-8.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Gocrypto/x509
Red Hatosbuild-composer-debugsource-0:132.2-8.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-debuginfo-0:132.2-8.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9
Red Hatosbuild-composer-core-0:132.2-8.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)132.2-8.el9, 132.2-8.el9, 132.2-8.el9

…and 18 more

Timeline

  • Jun 15, 2026 CVE Published
  • Jun 16, 2026 Distribution Patch
  • Jun 16, 2026 Distribution Patch
  • Jun 16, 2026 Security Advisory
  • Jun 16, 2026 Security Advisory
  • Jun 16, 2026 Security Advisory
  • Jul 3, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›