Filtered by vendor Redhat
Subscriptions
Filtered by product Rhmt
Subscriptions
Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26115 | 2 Redhat, Word-wrap Project | 7 Logging, Network Observ Optr, Openshift and 4 more | 2025-02-13 | 5.3 Medium |
| All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. | ||||
| CVE-2023-45290 | 1 Redhat | 19 Advanced Cluster Security, Ansible Automation Platform, Cryostat and 16 more | 2025-02-13 | 6.5 Medium |
| When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. | ||||
| CVE-2023-45289 | 1 Redhat | 12 Advanced Cluster Security, Enterprise Linux, Logging and 9 more | 2025-02-13 | 4.3 Medium |
| When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. | ||||
| CVE-2023-45288 | 3 Go Standard Library, Golang, Redhat | 31 Net\/http, Http2, Acm and 28 more | 2025-02-13 | 7.5 High |
| An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | ||||
| CVE-2023-39325 | 4 Fedoraproject, Golang, Netapp and 1 more | 53 Fedora, Go, Http2 and 50 more | 2025-02-13 | 7.5 High |
| A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | ||||
| CVE-2023-39322 | 3 Go Standard Library, Golang, Redhat | 18 Crypto Tls, Go, Acm and 15 more | 2025-02-13 | 7.5 High |
| QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | ||||
| CVE-2023-39321 | 2 Golang, Redhat | 17 Go, Acm, Ansible Automation Platform and 14 more | 2025-02-13 | 7.5 High |
| Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | ||||
| CVE-2023-39319 | 2 Golang, Redhat | 15 Go, Acm, Enterprise Linux and 12 more | 2025-02-13 | 6.1 Medium |
| The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | ||||
| CVE-2023-39318 | 2 Golang, Redhat | 15 Go, Acm, Enterprise Linux and 12 more | 2025-02-13 | 6.1 Medium |
| The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | ||||
| CVE-2023-29409 | 2 Golang, Redhat | 20 Go, Ansible Automation Platform, Cert Manager and 17 more | 2025-02-13 | 5.3 Medium |
| Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | ||||
| CVE-2023-29406 | 2 Golang, Redhat | 19 Go, Advanced Cluster Security, Cryostat and 16 more | 2025-02-13 | 6.5 Medium |
| The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. | ||||
| CVE-2023-26136 | 2 Redhat, Salesforce | 8 Acm, Jboss Enterprise Application Platform, Logging and 5 more | 2025-02-13 | 6.5 Medium |
| Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | ||||
| CVE-2023-24538 | 2 Golang, Redhat | 21 Go, Advanced Cluster Security, Ansible Automation Platform and 18 more | 2025-02-13 | 9.8 Critical |
| Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | ||||
| CVE-2023-24537 | 2 Golang, Redhat | 21 Go, Advanced Cluster Security, Ansible Automation Platform and 18 more | 2025-02-13 | 7.5 High |
| Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | ||||
| CVE-2023-24536 | 2 Golang, Redhat | 19 Go, Advanced Cluster Security, Ansible Automation Platform and 16 more | 2025-02-13 | 7.5 High |
| Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. | ||||
| CVE-2023-24534 | 2 Golang, Redhat | 22 Go, Advanced Cluster Security, Ansible Automation Platform and 19 more | 2025-02-13 | 7.5 High |
| HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. | ||||
| CVE-2022-41723 | 2 Golang, Redhat | 22 Go, Hpack, Http2 and 19 more | 2025-02-13 | 7.5 High |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | ||||
| CVE-2022-41717 | 3 Fedoraproject, Golang, Redhat | 25 Fedora, Go, Http2 and 22 more | 2025-02-13 | 5.3 Medium |
| An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. | ||||
| CVE-2022-41715 | 2 Golang, Redhat | 24 Go, Acm, Ceph Storage and 21 more | 2025-02-13 | 7.5 High |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | ||||
| CVE-2022-2880 | 2 Golang, Redhat | 20 Go, Acm, Ceph Storage and 17 more | 2025-02-13 | 7.5 High |
| Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | ||||