VDB
RHSA-2026%3A2762
RHSA-2026%3A2762
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le, registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le, registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le |
| Red Hat | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64, registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64, * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le, registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le, * |
| Red Hat | Red Hat Quay | |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le, registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le, registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.1 | |
| Red Hat | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x as a component of Red Hat Quay 3.1 | *, registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x, * |
| Red Hat | ||
| Red Hat | registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 as a component of Red Hat Quay 3.1 | *, registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64, registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 |
| Red Hat | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le, *, registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le |
| Red Hat | registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 as a component of Red Hat Quay 3.1 | *, registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64, * |
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 as a component of Red Hat Quay 3.10 | *, *, * |
| Red Hat | Quay | |
| Red Hat | registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le as a component of Red Hat Quay 3.10 | *, *, * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64, *, registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 |
| golang | Go | |
| Red Hat | registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le, registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le, * |
| Red Hat | registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 as a component of Red Hat Quay 3.1 | registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64, registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64, * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x as a component of Red Hat Quay 3.10 | *, *, * |
| Red Hat | registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le as a component of Red Hat Quay 3.1 | *, *, * |
…and 53 more
Timeline
- Feb 16, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:2762 advisory
- https://access.redhat.com/security/cve/CVE-2024-34156 advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://access.redhat.com/security/cve/CVE-2024-45338 advisory
- https://access.redhat.com/security/cve/CVE-2025-12816 advisory
- https://access.redhat.com/security/cve/CVE-2025-15284 advisory
- https://access.redhat.com/security/cve/CVE-2025-52881 advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 advisory
- https://access.redhat.com/security/cve/CVE-2025-65945 advisory
- https://access.redhat.com/security/cve/CVE-2025-66031 advisory
- https://access.redhat.com/security/cve/CVE-2025-66418 advisory
- https://access.redhat.com/security/cve/CVE-2025-66471 advisory
- https://access.redhat.com/security/cve/CVE-2025-66506 advisory
- https://access.redhat.com/security/cve/CVE-2026-21441 advisory
- https://access.redhat.com/security/cve/CVE-2026-24049 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2762.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2310528 issue
- https://www.cve.org/CVERecord?id=CVE-2024-34156 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-34156 advisory
…and 80 more