VDB
RHSA-2026%3A33150
RHSA-2026%3A33150
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3 | * |
| Red Hat | registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 as a component of Red Hat OpenShift Service Mesh 3.3 | * |
…and 5 more
Timeline
- Jun 29, 2026 CVE Published
- Jul 2, 2026 CVE Updated
- Jul 2, 2026 Distribution Patch
- Jul 2, 2026 Distribution Patch
- Jul 2, 2026 Security Advisory
- Jul 2, 2026 Security Advisory
- Jul 2, 2026 Security Advisory
- Jul 2, 2026 Security Advisory
- Jul 2, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:33150 advisory
- https://access.redhat.com/security/cve/CVE-2026-33811 advisory
- https://access.redhat.com/security/cve/CVE-2026-33814 advisory
- https://access.redhat.com/security/cve/CVE-2026-39820 advisory
- https://access.redhat.com/security/cve/CVE-2026-42499 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33150.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467822 issue
- https://www.cve.org/CVERecord?id=CVE-2026-33811 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33811 advisory
- https://go.dev/cl/767860 advisory
- https://go.dev/issue/78803 advisory
- https://groups.google.com/g/golang-announce/c/qcCIEXso47M advisory
- https://pkg.go.dev/vuln/GO-2026-4981 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2467815 issue
- https://www.cve.org/CVERecord?id=CVE-2026-33814 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33814 advisory
- https://go.dev/cl/761581 advisory
- https://go.dev/cl/761640 advisory
- https://go.dev/issue/78476 advisory
…and 13 more