RHSA-2022:6430MediumCVSS 7.5
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-1705 — golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1962 — golang: go/parser: stack exhaustion in all Parse* functions CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2022-24675 — golang: encoding/pem: fix stack overflow in Decode CVE-2022-30629 — golang: crypto/tls: session tickets lack random ticket_age_add CVE-2022-30630 — golang: io/fs: stack exhaustion in Glob CVE-2022-30631 — golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-32148 — golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2022:6430
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2045880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2077688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2092793
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107342
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107374
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107376
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107383
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6430.json