RHSA-2025:11889
Vulnerability from csaf_redhat - Published: 2025-07-28 10:55 - Updated: 2026-01-25 09:17Summary
Red Hat Security Advisory: 7.1 container image is now available in the Red Hat Ecosystem Catalog.
Notes
Topic
Updated rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides security and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 7.1 and Red Hat Enterprise Linux 8.10, 9.4, 9.5.\n \nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/7/html/7.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11889",
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11889.json"
}
],
"title": "Red Hat Security Advisory: 7.1 container image is now available in the Red Hat Ecosystem Catalog.",
"tracking": {
"current_release_date": "2026-01-25T09:17:36+00:00",
"generator": {
"date": "2026-01-25T09:17:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2025:11889",
"initial_release_date": "2025-07-28T10:55:23+00:00",
"revision_history": [
{
"date": "2025-07-28T10:55:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-28T10:55:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-25T09:17:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product": {
"name": "rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_id": "rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product_id": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-532"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product": {
"name": "rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_id": "rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product_id": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-532"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product": {
"name": "rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_id": "rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-7"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-74"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-41"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product_id": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-532"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-76"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-124"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x"
},
"product_reference": "rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le"
},
"product_reference": "rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64"
},
"product_reference": "rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Denial of service due to improper 100-continue handling in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24791"
},
{
"category": "external",
"summary": "RHBZ#2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "https://go.dev/cl/591255",
"url": "https://go.dev/cl/591255"
},
{
"category": "external",
"summary": "https://go.dev/issue/67555",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Denial of service due to improper 100-continue handling in net/http"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-28T10:55:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11889"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel10@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:4d77ac1b0dd4d16cf8e9d783c45ab21ca36d5e667e9c2d8fd930ea70a130a4a8_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:6cda0f988f558e6b84bfd3f5f9cc4714dccc31ea8084426a599ab5bf7463790b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:88df9536f8c989d2f2d7ba76a23ec1fb5e7e10ed6867dc5410f7a4a6fbb4957d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:22c99821cffab668e9a439e8cdc87fe5558a8c1e9c968073c47ffd2ac4000384_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:721d699e4e760184f55c07fc1e6353f415c031e6cb152292f75842bc2f2c87a7_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:b43581af4184e107019a325ccdf5c4678a1a3f146a2707a51276cd5719286ac9_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:43e2fd3e4c33b6fde8b27dde23d67bf0e1c951c729f3ea371c666fb5959a9424_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:474278d28a1b50342b0aa2119eca426f92d12229eac2d74f1d1133d30c609f7a_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:6c77851d97bf4b24d16c29b002ee1ee7fc1bc29df8e314b6f2d5e421ed92ec0a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:3a3ec2a0cc16b62a99fdf4a84e08a07f78ca9d06707d5bc5d908dd6b78697c43_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:abb5ef5afaa23055c293a3b85e699912c80348942a6b4f78ce7b18e784bdfaf7_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:fd3389ccf403e9c4aa46b48b7b38634af10487ae3e3eedb82963aa66eccf24bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:6bd085dd5271317648995304eed0b4c6f1d7f1e7812f49b87f140d77d90f7a2a_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:d7ac1a07b8868ca0cc9f71e985724cce448b55618bd2e4e1dba910c46573f34e_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:e39c4a658b123efe01f57fd7968ecc077fdb06397ed69183d06fcd9f473f9b4b_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:4dc115f65dc347ee3dd69a19a9d7768267e97fceba905dd51710ce7651e55593_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:dc9e3653e236d0c5409f7faf45ea6c0036d2647d22afeee09c76ea0dc0ff30bb_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:f0c247741c38681ba3dd2d995a686ded153542912c05281587bebac1d675c2f0_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…