RHSA-2022:2217MediumCVSS 8.3
Red Hat Security Advisory: Red Hat OpenShift Logging Security and Bug update Release 5.3.7
🔗 CVE IDs covered (5)
📋 Description
CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-0759 — kubeclient: kubeconfig parsing error can lead to MITM attacks CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2022:2217
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2031958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2045880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2058404
- externalhttps://issues.redhat.com/browse/LOG-2334
- externalhttps://issues.redhat.com/browse/LOG-2450
- externalhttps://issues.redhat.com/browse/LOG-2481
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2217.json