RHSA-2022:1276HighCVSS 9.4

Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update

Published
April 7, 2022
Last Modified
June 30, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2020-28851 — golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28852 — golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2021-3121 — gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation CVE-2021-3749 — nodejs-axios: Regular expression denial of service in trim function CVE-2021-29482 — ulikunitz/xz: Infinite loop in readUvarint allows for denial of service CVE-2021-29923 — golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-36221 — golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-43565 — golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43824 — envoy: Null pointer dereference when using JWT filter safe_regex match CVE-2021-43825 — envoy: Use-after-free when response filters increase response data CVE-2021-43826 — envoy: Use-after-free when tunneling TCP over HTTP CVE-2022-21654 — envoy: Incorrect configuration handling allows mTLS session re-use without re-validation CVE-2022-21655 — envoy: Incorrect handling of internal redirects to routes with a direct response entry CVE-2022-23606 — envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service CVE-2022-23635 — istio: unauthenticated control plane denial of service attack CVE-2022-24726 — istio: Unauthenticated control plane denial of service attack due to stack exhaustion

🔗 References (19)