Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat Advanced Cluster Security for Kubernetes 4.11

Source -

ADPCNA

CNA CVEs -

1

ADP CVEs -

8

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found

CVE-2026-9165
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.32% / 23.94%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:46
Updated-19 Jul, 2026 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Advanced Cluster Security 4.9Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Advanced Cluster Security for Kubernetes 4.11
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-39821
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 38.18%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Action-Not Available
Vendor-golang.org/x/netRed Hat, Inc.Go
Product-netgolang.org/x/net/idnaZero Trust Workload Identity Manager - Tech PreviewMachine Deletion Remediation OperatorRed Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat Developer HubRed Hat Enterprise Linux AI 3.4Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Openshift Data Foundation 4.22Red Hat Web TerminalRed Hat OpenShift Service Mesh 2.6Red Hat OpenShift Container Platform 4.22streams for Apache Kafka 3Red Hat OpenShift Builds 1.8.1Red Hat 3scale API Management Platform 2DevWorkspace Operator 0.42Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability Operatormulticluster engine for Kubernetes 2.9Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessCompliance OperatorRed Hat Ceph Storage 9Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat OpenShift Dev Spaces 3.29Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Ceph Storage 8Cluster Observability Operator 1.5.0Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8Logical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Red Hat Quay 3.9Red Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CVE-2026-46595
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-10||CRITICAL
EPSS-0.44% / 35.68%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Enterprise Linux AI 3.4Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8RHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenShift Dev Spaces 3.29Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-39829
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.71%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.6cert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Red Hat OpenShift on AWSmulticluster engine for Kubernetes 2.9Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenShift Dev Spaces 3.29Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-39830
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 41.42%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2026-39835
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.68%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsRed Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-39828
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 23.47%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.6cert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Red Hat OpenShift on AWSConfidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-42264
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.71% / 49.60%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 03:20
Updated-15 Jul, 2026 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request. This issue has been patched in version 1.15.2.

Action-Not Available
Vendor-axiosaxiosRed Hat, Inc.
Product-axiosaxiosRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Developer HubOpenShift PipelinesMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Service Mesh 3.2Red Hat 3scale API Management Platform 2Red Hat Satellite 6streams for Apache Kafka 2Red Hat Discovery 2Network Observability OperatorRed Hat OpenShift AI (RHOAI)OpenShift Service Mesh 2Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat OpenShift Dev SpacesRed Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Fuse 7Gatekeeper 3Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat build of Apicurio Registry 3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat Data Grid 8OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Migration Toolkit for Applications 8Red Hat AMQ Broker 7Red Hat OpenShift Container Platform 4
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-33811
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.92%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonetRed Hat OpenShift GitOps 1.21Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorRed Hat Connectivity Link 1Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessRed Hat Ceph Storage 9Compliance OperatorOpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat OpenShift Dev SpacesRed Hat AMQ ClientsLogical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free