Vulnerability-Lookup

RHSA-2026:5394

Vulnerability from csaf_redhat - Published: 2026-03-23 13:04 - Updated: 2026-03-31 22:57

Summary

Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images

Severity

Important

Notes

Topic: Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 (Wallaby) for RHEL 9.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP). Security Fixes: * Unexpected session resumption in crypto/tls (CVE-2025-68121) * Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Vendor Fix The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the 'podman pull' command. For more information about the images, search the image name in the Red Hat Ecosystem Catalog. https://access.redhat.com/errata/RHSA-2026:5394

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2025-61726

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Workaround Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

CVE-2025-61729

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:5394	self
	https://access.redhat.com/security/cve/CVE-2025-58183	external
	https://access.redhat.com/security/cve/CVE-2025-61726	external
	https://access.redhat.com/security/cve/CVE-2025-61729	external
	https://access.redhat.com/security/cve/CVE-2025-68121	external
	https://access.redhat.com/security/updates/classi…	external
	https://catalog.redhat.com/software/containers/search	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2025-58183	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2407258	external
	https://www.cve.org/CVERecord?id=CVE-2025-58183	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	external
	https://go.dev/cl/709861	external
	https://go.dev/issue/75677	external
	https://groups.google.com/g/golang-announce/c/4Em…	external
	https://pkg.go.dev/vuln/GO-2025-4014	external
	https://access.redhat.com/security/cve/CVE-2025-61726	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2434432	external
	https://www.cve.org/CVERecord?id=CVE-2025-61726	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	external
	https://go.dev/cl/736712	external
	https://go.dev/issue/77101	external
	https://groups.google.com/g/golang-announce/c/Vd2…	external
	https://pkg.go.dev/vuln/GO-2026-4341	external
	https://access.redhat.com/security/cve/CVE-2025-61729	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2418462	external
	https://www.cve.org/CVERecord?id=CVE-2025-61729	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	external
	https://go.dev/cl/725920	external
	https://go.dev/issue/76445	external
	https://groups.google.com/g/golang-announce/c/8FJ…	external
	https://pkg.go.dev/vuln/GO-2025-4155	external
	https://access.redhat.com/security/cve/CVE-2025-68121	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2437111	external
	https://www.cve.org/CVERecord?id=CVE-2025-68121	external
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	external
	https://go.dev/cl/737700	external
	https://go.dev/issue/77217	external
	https://groups.google.com/g/golang-announce/c/K09…	external
	https://pkg.go.dev/vuln/GO-2026-4337	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 (Wallaby) for RHEL 9.2.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.\n\nThe Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP).\n\nSecurity Fixes:\n * Unexpected session resumption in crypto/tls (CVE-2025-68121)\n * Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n * Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n * Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:5394",
        "url": "https://access.redhat.com/errata/RHSA-2026:5394"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5394.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images",
    "tracking": {
      "current_release_date": "2026-03-31T22:57:07+00:00",
      "generator": {
        "date": "2026-03-31T22:57:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2026:5394",
      "initial_release_date": "2026-03-23T13:04:11+00:00",
      "revision_history": [
        {
          "date": "2026-03-23T13:04:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-23T13:04:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-31T22:57:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 17.1",
                "product": {
                  "name": "Red Hat OpenStack Platform 17.1",
                  "product_id": "Red Hat OpenStack Platform 17.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:17.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
                  "product_id": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-agent@sha256%3A104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255177"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
                  "product_id": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-downloader@sha256%3Adfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255141"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
                  "product_id": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-operator-bundle@sha256%3A9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773259990"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
                  "product_id": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-operator@sha256%3A6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255175"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
        },
        "product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
        "relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64"
        },
        "product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
        "relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
        },
        "product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
        "relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
        },
        "product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
        "relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-58183",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-29T23:01:50.573951+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2407258"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "RHBZ#2407258",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/709861",
          "url": "https://go.dev/cl/709861"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/75677",
          "url": "https://go.dev/issue/75677"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4014",
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "release_date": "2025-10-29T22:10:14.376000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-23T13:04:11+00:00",
          "details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:5394"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
    },
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-23T13:04:11+00:00",
          "details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:5394"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-23T13:04:11+00:00",
          "details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:5394"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2025-68121",
      "discovery_date": "2026-02-05T18:01:30.086058+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/tls: Unexpected session resumption in crypto/tls",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
          "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/737700",
          "url": "https://go.dev/cl/737700"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77217",
          "url": "https://go.dev/issue/77217"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4337",
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "release_date": "2026-02-05T17:48:44.141000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-23T13:04:11+00:00",
          "details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
          "product_ids": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:5394"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
            "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/tls: Unexpected session resumption in crypto/tls"
    }
  ]
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/725920
	https://go.dev/issue/76445
	https://groups.google.com/g/golang-announce/c/8FJ…
	https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/736712
	https://go.dev/issue/77101
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

	Vendor	Product	Version
	Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58183 (GCVE-0-2025-58183)

Vulnerability from cvelistv5 – Published: 2025-10-29 22:10 – Updated: 2025-11-04 21:13

Title

Unbounded allocation when parsing GNU sparse map in archive/tar

Summary

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/709861
	https://go.dev/issue/75677
	https://groups.google.com/g/golang-announce/c/4Em…
	https://pkg.go.dev/vuln/GO-2025-4014

Impacted products

	Vendor	Product	Version
	Go standard library	archive/tar	Affected: 0 , < 1.24.8 (semver) Affected: 1.25.0 , < 1.25.2 (semver)

Credits

Harshit Gupta (Mr HAX)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T14:22:41.219110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:56:37.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:32.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/08/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/tar",
          "product": "archive/tar",
          "programRoutines": [
            {
              "name": "readGNUSparseMap1x0"
            },
            {
              "name": "Reader.Next"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.2",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Harshit Gupta (Mr HAX)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T22:10:14.376Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/709861"
        },
        {
          "url": "https://go.dev/issue/75677"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "title": "Unbounded allocation when parsing GNU sparse map in archive/tar"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58183",
    "datePublished": "2025-10-29T22:10:14.376Z",
    "dateReserved": "2025-08-27T14:50:58.691Z",
    "dateUpdated": "2025-11-04T21:13:32.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-20 16:05

Title

Unexpected session resumption in crypto/tls

Summary

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/K09…
	https://go.dev/cl/737700
	https://go.dev/issue/77217
	https://pkg.go.dev/vuln/GO-2026-4337

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/tls	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)

Credits

Coia Prant (github.com/rbqvq) Go Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T16:05:03.924102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T16:05:07.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-02-20T16:05:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:5394

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-58183 (GCVE-0-2025-58183)

CVE-2025-68121 (GCVE-0-2025-68121)

Tags

Sightings

Nomenclature