Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-16845 (GCVE-0-2020-16845)
Vulnerability from cvelistv5 – Published: 2020-08-06 17:03 – Updated: 2024-08-04 13:45- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:33.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q"
},
{
"name": "openSUSE-SU-2020:1178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html"
},
{
"name": "openSUSE-SU-2020:1194",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html"
},
{
"name": "FEDORA-2020-e384830a0d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/"
},
{
"name": "FEDORA-2020-deff052e7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/"
},
{
"name": "FEDORA-2020-a55f130272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
},
{
"name": "FEDORA-2020-b190375a37",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/"
},
{
"name": "openSUSE-SU-2020:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html"
},
{
"name": "openSUSE-SU-2020:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
},
{
"name": "DSA-4848",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200924-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q"
},
{
"name": "openSUSE-SU-2020:1178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html"
},
{
"name": "openSUSE-SU-2020:1194",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html"
},
{
"name": "FEDORA-2020-e384830a0d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/"
},
{
"name": "FEDORA-2020-deff052e7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/"
},
{
"name": "FEDORA-2020-a55f130272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
},
{
"name": "FEDORA-2020-b190375a37",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/"
},
{
"name": "openSUSE-SU-2020:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html"
},
{
"name": "openSUSE-SU-2020:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
},
{
"name": "DSA-4848",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200924-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q"
},
{
"name": "openSUSE-SU-2020:1178",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html"
},
{
"name": "openSUSE-SU-2020:1194",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html"
},
{
"name": "FEDORA-2020-e384830a0d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/"
},
{
"name": "FEDORA-2020-deff052e7a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/"
},
{
"name": "FEDORA-2020-a55f130272",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
},
{
"name": "FEDORA-2020-b190375a37",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/"
},
{
"name": "openSUSE-SU-2020:1405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html"
},
{
"name": "openSUSE-SU-2020:1407",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
},
{
"name": "[debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
},
{
"name": "DSA-4848",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4848"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200924-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200924-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16845",
"datePublished": "2020-08-06T17:03:33.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:45:33.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-16845",
"date": "2026-07-18",
"epss": "0.0473",
"percentile": "0.90843"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.13.15\", \"matchCriteriaId\": \"C9F4422E-27A3-474D-A4AF-0BEE8AD7293C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.14\", \"versionEndExcluding\": \"1.14.7\", \"matchCriteriaId\": \"9A59FA2E-0F06-4EDF-9E8C-32D6F656EB54\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.\"}, {\"lang\": \"es\", \"value\": \"Go versiones anteriores a 1.13.15 y versiones 14.x anteriores a 1.14.7, puede presentar un bucle de lectura infinito en las funciones ReadUvarint y ReadVarint en encoding/binary por medio de entradas no v\\u00e1lidas\"}]",
"id": "CVE-2020-16845",
"lastModified": "2024-11-21T05:07:15.297",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-08-06T18:15:13.700",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200924-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4848\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200924-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4848\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-16845\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-08-06T18:15:13.700\",\"lastModified\":\"2024-11-21T05:07:15.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.13.15 y versiones 14.x anteriores a 1.14.7, puede presentar un bucle de lectura infinito en las funciones ReadUvarint y ReadVarint en encoding/binary por medio de entradas no v\u00e1lidas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.13.15\",\"matchCriteriaId\":\"C9F4422E-27A3-474D-A4AF-0BEE8AD7293C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14\",\"versionEndExcluding\":\"1.14.7\",\"matchCriteriaId\":\"9A59FA2E-0F06-4EDF-9E8C-32D6F656EB54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200924-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4848\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200924-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-06-28T12:00:57+00:00",
"cve": "CVE-2020-16845",
"id": "CVE-2020-16845",
"initial_release_date": "2020-08-06T00:00:00+00:00",
"product_status:fixed": "681",
"product_status:known_affected": "212",
"product_status:known_not_affected": "1218",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-16845.json",
"version": "3"
}
}
}
RHSA-2021_4103
Vulnerability from csaf_redhat - Published: 2021-11-02 17:36 - Updated: 2024-11-22 16:37A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. \n\nThis advisory contains OpenShift Virtualization 4.9.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4103",
"url": "https://access.redhat.com/errata/RHSA-2021:4103"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1981345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981345"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4103.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.0 RPMs security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T16:37:41+00:00",
"generator": {
"date": "2024-11-22T16:37:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4103",
"initial_release_date": "2021-11-02T17:36:11+00:00",
"revision_history": [
{
"date": "2021-11-02T17:36:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-02T17:36:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:37:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 7",
"product": {
"name": "CNV 4.9 for RHEL 7",
"product_id": "7Server-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el7"
}
}
},
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 8",
"product": {
"name": "CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-0:4.9.0-287.el7.src",
"product": {
"name": "kubevirt-0:4.9.0-287.el7.src",
"product_id": "kubevirt-0:4.9.0-287.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.9.0-287.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.9.0-287.el8.src",
"product": {
"name": "kubevirt-0:4.9.0-287.el8.src",
"product_id": "kubevirt-0:4.9.0-287.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.9.0-287.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"product_id": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.9.0-287.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.9.0-287.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"product_id": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.9.0-287.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.9.0-287.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.9.0-287.el7.src as a component of CNV 4.9 for RHEL 7",
"product_id": "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src"
},
"product_reference": "kubevirt-0:4.9.0-287.el7.src",
"relates_to_product_reference": "7Server-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64 as a component of CNV 4.9 for RHEL 7",
"product_id": "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 as a component of CNV 4.9 for RHEL 7",
"product_id": "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.9.0-287.el8.src as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src"
},
"product_reference": "kubevirt-0:4.9.0-287.el8.src",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15586",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2020-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "RHBZ#1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
}
],
"release_date": "2020-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T17:36:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
},
{
"cve": "CVE-2020-16845",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1867099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "RHBZ#1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
"url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T17:36:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T17:36:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-02T17:36:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src",
"7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64",
"7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64",
"8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src",
"8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64",
"8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
SUSE-SU-2020:2562-1
Vulnerability from csaf_suse - Published: 2020-09-07 15:10 - Updated: 2020-09-07 15:10| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.14",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.14 fixes the following issues:\n\n- go1.14 was updated to version 1.14.7 \n- CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977).\t \n\n- go1.14.6 (released 2020-07-16) includes fixes to the go command,\n the compiler, the linker, vet, and the database/sql,\n encoding/json, net/http, reflect, and testing packages.\n Refs bsc#1164903 go1.14 release tracking\n Refs bsc#1174153 bsc#1174191\n * go#39991 runtime: missing deferreturn on linux/ppc64le\n * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent\n * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes\n * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15\n * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally\n * go#39636 reflect: DeepEqual can return true for values that are not equal\n * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va\nlues\n * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie\ns to use an older version of dlv which only supports linux/amd64\n * go#39308 testing: streaming output loses parallel subtest associations\n * go#39288 cmd/vet: update for new number formats\n * go#39101 database/sql: context cancellation allows statements to execute after rollback\n * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes\n * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586\n * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only)\n- Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is\n not present bsc#1172868 gh#golang/go#35305\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2562,SUSE-SLE-Module-Development-Tools-15-SP1-2020-2562,SUSE-SLE-Module-Development-Tools-15-SP2-2020-2562",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2562-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2562-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202562-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2562-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007377.html"
},
{
"category": "self",
"summary": "SUSE Bug 1164903",
"url": "https://bugzilla.suse.com/1164903"
},
{
"category": "self",
"summary": "SUSE Bug 1169832",
"url": "https://bugzilla.suse.com/1169832"
},
{
"category": "self",
"summary": "SUSE Bug 1170826",
"url": "https://bugzilla.suse.com/1170826"
},
{
"category": "self",
"summary": "SUSE Bug 1172868",
"url": "https://bugzilla.suse.com/1172868"
},
{
"category": "self",
"summary": "SUSE Bug 1174153",
"url": "https://bugzilla.suse.com/1174153"
},
{
"category": "self",
"summary": "SUSE Bug 1174191",
"url": "https://bugzilla.suse.com/1174191"
},
{
"category": "self",
"summary": "SUSE Bug 1174977",
"url": "https://bugzilla.suse.com/1174977"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15586 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16845 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16845/"
}
],
"title": "Security update for go1.14",
"tracking": {
"current_release_date": "2020-09-07T15:10:08Z",
"generator": {
"date": "2020-09-07T15:10:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2562-1",
"initial_release_date": "2020-09-07T15:10:08Z",
"revision_history": [
{
"date": "2020-09-07T15:10:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.7-1.15.1.aarch64",
"product": {
"name": "go1.14-1.14.7-1.15.1.aarch64",
"product_id": "go1.14-1.14.7-1.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.7-1.15.1.aarch64",
"product": {
"name": "go1.14-doc-1.14.7-1.15.1.aarch64",
"product_id": "go1.14-doc-1.14.7-1.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.14-race-1.14.7-1.15.1.aarch64",
"product": {
"name": "go1.14-race-1.14.7-1.15.1.aarch64",
"product_id": "go1.14-race-1.14.7-1.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.7-1.15.1.i586",
"product": {
"name": "go1.14-1.14.7-1.15.1.i586",
"product_id": "go1.14-1.14.7-1.15.1.i586"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.7-1.15.1.i586",
"product": {
"name": "go1.14-doc-1.14.7-1.15.1.i586",
"product_id": "go1.14-doc-1.14.7-1.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.7-1.15.1.ppc64le",
"product": {
"name": "go1.14-1.14.7-1.15.1.ppc64le",
"product_id": "go1.14-1.14.7-1.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.7-1.15.1.ppc64le",
"product": {
"name": "go1.14-doc-1.14.7-1.15.1.ppc64le",
"product_id": "go1.14-doc-1.14.7-1.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.7-1.15.1.s390x",
"product": {
"name": "go1.14-1.14.7-1.15.1.s390x",
"product_id": "go1.14-1.14.7-1.15.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.7-1.15.1.s390x",
"product": {
"name": "go1.14-doc-1.14.7-1.15.1.s390x",
"product_id": "go1.14-doc-1.14.7-1.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.7-1.15.1.x86_64",
"product": {
"name": "go1.14-1.14.7-1.15.1.x86_64",
"product_id": "go1.14-1.14.7-1.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.7-1.15.1.x86_64",
"product": {
"name": "go1.14-doc-1.14.7-1.15.1.x86_64",
"product_id": "go1.14-doc-1.14.7-1.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.14-race-1.14.7-1.15.1.x86_64",
"product": {
"name": "go1.14-race-1.14.7-1.15.1.x86_64",
"product_id": "go1.14-race-1.14.7-1.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64"
},
"product_reference": "go1.14-1.14.7-1.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le"
},
"product_reference": "go1.14-1.14.7-1.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x"
},
"product_reference": "go1.14-1.14.7-1.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64"
},
"product_reference": "go1.14-1.14.7-1.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64"
},
"product_reference": "go1.14-1.14.7-1.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le"
},
"product_reference": "go1.14-1.14.7-1.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x"
},
"product_reference": "go1.14-1.14.7-1.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.7-1.15.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64"
},
"product_reference": "go1.14-1.14.7-1.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.7-1.15.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
},
"product_reference": "go1.14-doc-1.14.7-1.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14039"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14039",
"url": "https://www.suse.com/security/cve/CVE-2020-14039"
},
{
"category": "external",
"summary": "SUSE Bug 1174191 for CVE-2020-14039",
"url": "https://bugzilla.suse.com/1174191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-07T15:10:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-14039"
},
{
"cve": "CVE-2020-15586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15586"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15586",
"url": "https://www.suse.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "SUSE Bug 1174153 for CVE-2020-15586",
"url": "https://bugzilla.suse.com/1174153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-07T15:10:08Z",
"details": "important"
}
],
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-16845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16845"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16845",
"url": "https://www.suse.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "SUSE Bug 1174977 for CVE-2020-16845",
"url": "https://bugzilla.suse.com/1174977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.7-1.15.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.7-1.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-07T15:10:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-16845"
}
]
}
ubuntu-cve-2020-16845
Vulnerability from osv_ubuntu
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1~16.04.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1~18.04.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu2.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2"
]
}
],
"aliases": [],
"details": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.",
"id": "UBUNTU-CVE-2020-16845",
"modified": "2026-05-20T14:52:18Z",
"published": "2020-08-06T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-16845"
},
{
"type": "REPORT",
"url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q"
},
{
"type": "REPORT",
"url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5725-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5725-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
}
],
"related": [
"USN-5725-1",
"USN-5725-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-16845"
]
}
WID-SEC-W-2023-1599
Vulnerability from csaf_certbund - Published: 2021-01-13 23:00 - Updated: 2023-06-29 22:00In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Insights 2.0.2
IBM
|
cpe:/a:ibm:security_guardium:10.0
|
— |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.ibm.com/support/pages/node/7008449 | external |
| https://www.ibm.com/support/pages/node/6403463 | external |
| https://access.redhat.com/errata/RHSA-2021:0521 | external |
| https://access.redhat.com/errata/RHSA-2021:0548 | external |
| https://ubuntu.com/security/notices/USN-4758-1 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1599 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-1599.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1599 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1599"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6403463 vom 2021-01-13",
"url": "https://www.ibm.com/support/pages/node/6403463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0521 vom 2021-02-15",
"url": "https://access.redhat.com/errata/RHSA-2021:0521"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0548 vom 2021-02-16",
"url": "https://access.redhat.com/errata/RHSA-2021:0548"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4758-1 vom 2021-03-09",
"url": "https://ubuntu.com/security/notices/USN-4758-1"
}
],
"source_lang": "en-US",
"title": "IBM Security Guardium: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-29T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:55.140+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1599",
"initial_release_date": "2021-01-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-01-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-02-15T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-02-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-03-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"category": "product_name",
"name": "IBM Security Guardium Insights 2.0.2",
"product": {
"name": "IBM Security Guardium Insights 2.0.2",
"product_id": "316562",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:10.0"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14039",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14039"
},
{
"cve": "CVE-2020-14145",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-14145"
},
{
"cve": "CVE-2020-15168",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15168"
},
{
"cve": "CVE-2020-15586",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-15778",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-15778"
},
{
"cve": "CVE-2020-16845",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-16845"
},
{
"cve": "CVE-2020-24553",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-4166",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4166"
},
{
"cve": "CVE-2020-4594",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4594"
},
{
"cve": "CVE-2020-4595",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4595"
},
{
"cve": "CVE-2020-4596",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4596"
},
{
"cve": "CVE-2020-4597",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4597"
},
{
"cve": "CVE-2020-4599",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4599"
},
{
"cve": "CVE-2020-4600",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4600"
},
{
"cve": "CVE-2020-4602",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4602"
},
{
"cve": "CVE-2020-4604",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-4604"
},
{
"cve": "CVE-2020-7608",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-7608"
},
{
"cve": "CVE-2020-8244",
"notes": [
{
"category": "description",
"text": "In IBM Security Guardium existieren mehrere Schwachstellen. Die Schwachstellen sind einerseits in verschiedenen Komponenten des Produktes vorhanden sowie im Produkt selbst. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Angriff zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T000126",
"5104",
"316562"
]
},
"release_date": "2021-01-13T23:00:00.000+00:00",
"title": "CVE-2020-8244"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.