Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47950 (GCVE-0-2025-47950)
Vulnerability from cvelistv5 – Published: 2025-06-06 17:32 – Updated: 2025-06-06 21:27- CWE-770 - Allocation of Resources Without Limits or Throttling
| URL | Tags |
|---|---|
| https://github.com/coredns/coredns/security/advis… | x_refsource_CONFIRM |
| https://github.com/coredns/coredns/commit/efaed02… | x_refsource_MISC |
| https://datatracker.ietf.org/doc/html/rfc9250 | x_refsource_MISC |
| https://github.com/quic-go/quic-go | x_refsource_MISC |
| https://www.usenix.org/conference/usenixsecurity2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T18:40:34.748230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T18:42:01.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \u2014 especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T21:27:05.841Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"name": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9250",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"name": "https://github.com/quic-go/quic-go",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"source": {
"advisory": "GHSA-cvx7-x8pj-x2gw",
"discovery": "UNKNOWN"
},
"title": "CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47950",
"datePublished": "2025-06-06T17:32:30.218Z",
"dateReserved": "2025-05-14T10:32:43.531Z",
"dateUpdated": "2025-06-06T21:27:05.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47950",
"date": "2026-07-08",
"epss": "0.01132",
"percentile": "0.62554"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47950\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-06T18:15:35.330\",\"lastModified\":\"2026-06-17T09:28:53.323\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \u2014 especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.\"},{\"lang\":\"es\",\"value\":\"CoreDNS es un servidor DNS que encadena complementos. En versiones anteriores a la 1.12.2, exist\u00eda una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la implementaci\u00f3n del servidor DNS sobre QUIC (DoQ) de CoreDNS. Anteriormente, el servidor creaba una nueva goroutine para cada flujo QUIC entrante sin imponer ning\u00fan l\u00edmite en el n\u00famero de flujos o goroutines simult\u00e1neos. Un atacante remoto no autenticado podr\u00eda abrir un gran n\u00famero de flujos, lo que provocar\u00eda un consumo de memoria descontrolado y, eventualmente, un fallo por falta de memoria (OOM), especialmente en entornos contenedorizados o con memoria limitada. El parche de la versi\u00f3n 1.12.2 introduce dos mecanismos clave de mitigaci\u00f3n: `max_streams`, que limita el n\u00famero de flujos QUIC simult\u00e1neos por conexi\u00f3n con un valor predeterminado de `256`; y `worker_pool_size`, que introduce un grupo de trabajadores limitado a nivel de servidor para procesar los flujos entrantes con un valor predeterminado de `1024`. Esto elimina el modelo 1:1 de flujo a go-rutina y garantiza la resiliencia de CoreDNS en condiciones de alta concurrencia. Existen soluciones alternativas para quienes no puedan actualizar. Desactive la compatibilidad con QUIC eliminando o comentando el bloque `quic://` en el Corefile, utilice los l\u00edmites de recursos del contenedor en tiempo de ejecuci\u00f3n para detectar y aislar el uso excesivo de memoria, o monitoree los patrones de conexi\u00f3n de QUIC y alerte sobre anomal\u00edas.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"coredns\",\"product\":\"coredns\",\"versions\":[{\"version\":\"\u003c 1.12.2\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-06-06T18:40:34.748230Z\",\"id\":\"CVE-2025-47950\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12.2\",\"matchCriteriaId\":\"C6E2A1C9-04F7-4EB6-9BDF-5358AC2EBA35\"}]}]}],\"references\":[{\"url\":\"https://datatracker.ietf.org/doc/html/rfc9250\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/quic-go/quic-go\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.usenix.org/conference/usenixsecurity23/presentation/botella\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-06T18:40:34.748230Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-06T18:41:56.320Z\"}}], \"cna\": {\"title\": \"CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification\", \"source\": {\"advisory\": \"GHSA-cvx7-x8pj-x2gw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"coredns\", \"product\": \"coredns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.12.2\"}]}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw\", \"name\": \"https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1\", \"name\": \"https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://datatracker.ietf.org/doc/html/rfc9250\", \"name\": \"https://datatracker.ietf.org/doc/html/rfc9250\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/quic-go/quic-go\", \"name\": \"https://github.com/quic-go/quic-go\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.usenix.org/conference/usenixsecurity23/presentation/botella\", \"name\": \"https://www.usenix.org/conference/usenixsecurity23/presentation/botella\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \\u2014 especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-06T21:27:05.841Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-06T21:27:05.841Z\", \"dateReserved\": \"2025-05-14T10:32:43.531Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-06T17:32:30.218Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.12.2 (coredns)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 QUIC;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u044e\u0449\u0438\u0445 QUIC-\u043f\u0430\u043a\u0435\u0442\u043e\u0432;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 QUIL-\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f\u043c\u0438;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438:\nhttps://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-06624",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-47950",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "coredns",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 QUIC DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 CoreDNS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438\u043b\u0438 \u0434\u0440\u043e\u0441\u0441\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (CWE-770)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 QUIC DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 CoreDNS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0445\u0432\u0430\u0442\u043a\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-770",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
cleanstart-2026-vj54611
Vulnerability from cleanstart
Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubernetes-dns-node-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ54611",
"modified": "2026-05-20T18:52:19Z",
"published": "2026-05-21T08:11:44.432468Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ54611.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2wpx-qpw2-g5h5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-527x-5wrf-22m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63cw-r7xf-jmwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mf-426m-g6x9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c9v3-4pv7-87pr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cvx7-x8pj-x2gw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g754-hx8w-x2g6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h75p-j8xm-m278"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h8mm-c463-wjq3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qhmp-q7xh-99rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6j8-c6r2-37rr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vp29-5652-4fw9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-13281, CVE-2025-47950, CVE-2025-5187, CVE-2025-58063, CVE-2025-64702, CVE-2025-68151, CVE-2026-26017, CVE-2026-26018, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-4x4m-3c2p-qppc, ghsa-527x-5wrf-22m2, ghsa-63cw-r7xf-jmwr, ghsa-93mf-426m-g6x9, ghsa-c9v3-4pv7-87pr, ghsa-cvx7-x8pj-x2gw, ghsa-g754-hx8w-x2g6, ghsa-h75p-j8xm-m278, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-r6j8-c6r2-37rr, ghsa-vp29-5652-4fw9 applied in versions: 1.25.0-r2",
"upstream": [
"CVE-2025-13281",
"CVE-2025-47950",
"CVE-2025-5187",
"CVE-2025-58063",
"CVE-2025-64702",
"CVE-2025-68151",
"CVE-2026-26017",
"CVE-2026-26018",
"CVE-2026-32934",
"CVE-2026-32936",
"CVE-2026-33190",
"CVE-2026-33489",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-35579",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-2wpx-qpw2-g5h5",
"ghsa-4x4m-3c2p-qppc",
"ghsa-527x-5wrf-22m2",
"ghsa-63cw-r7xf-jmwr",
"ghsa-93mf-426m-g6x9",
"ghsa-c9v3-4pv7-87pr",
"ghsa-cvx7-x8pj-x2gw",
"ghsa-g754-hx8w-x2g6",
"ghsa-h75p-j8xm-m278",
"ghsa-h8mm-c463-wjq3",
"ghsa-qhmp-q7xh-99rh",
"ghsa-r6j8-c6r2-37rr",
"ghsa-vp29-5652-4fw9"
]
}
FKIE_CVE-2025-47950
Vulnerability from fkie_nvd - Published: 2025-06-06 18:15 - Updated: 2026-06-17 09:28| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://datatracker.ietf.org/doc/html/rfc9250 | Technical Description | |
| security-advisories@github.com | https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1 | Patch | |
| security-advisories@github.com | https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw | Vendor Advisory | |
| security-advisories@github.com | https://github.com/quic-go/quic-go | Not Applicable | |
| security-advisories@github.com | https://www.usenix.org/conference/usenixsecurity23/presentation/botella | Broken Link |
| Vendor | Product | Version | |
|---|---|---|---|
| coredns.io | coredns | * |
{
"affected": [
{
"affectedData": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.2"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2A1C9-04F7-4EB6-9BDF-5358AC2EBA35",
"versionEndExcluding": "1.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \u2014 especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies."
},
{
"lang": "es",
"value": "CoreDNS es un servidor DNS que encadena complementos. En versiones anteriores a la 1.12.2, exist\u00eda una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la implementaci\u00f3n del servidor DNS sobre QUIC (DoQ) de CoreDNS. Anteriormente, el servidor creaba una nueva goroutine para cada flujo QUIC entrante sin imponer ning\u00fan l\u00edmite en el n\u00famero de flujos o goroutines simult\u00e1neos. Un atacante remoto no autenticado podr\u00eda abrir un gran n\u00famero de flujos, lo que provocar\u00eda un consumo de memoria descontrolado y, eventualmente, un fallo por falta de memoria (OOM), especialmente en entornos contenedorizados o con memoria limitada. El parche de la versi\u00f3n 1.12.2 introduce dos mecanismos clave de mitigaci\u00f3n: `max_streams`, que limita el n\u00famero de flujos QUIC simult\u00e1neos por conexi\u00f3n con un valor predeterminado de `256`; y `worker_pool_size`, que introduce un grupo de trabajadores limitado a nivel de servidor para procesar los flujos entrantes con un valor predeterminado de `1024`. Esto elimina el modelo 1:1 de flujo a go-rutina y garantiza la resiliencia de CoreDNS en condiciones de alta concurrencia. Existen soluciones alternativas para quienes no puedan actualizar. Desactive la compatibilidad con QUIC eliminando o comentando el bloque `quic://` en el Corefile, utilice los l\u00edmites de recursos del contenedor en tiempo de ejecuci\u00f3n para detectar y aislar el uso excesivo de memoria, o monitoree los patrones de conexi\u00f3n de QUIC y alerte sobre anomal\u00edas."
}
],
"id": "CVE-2025-47950",
"lastModified": "2026-06-17T09:28:53.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-47950",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T18:40:34.748230Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-06-06T18:15:35.330",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/quic-go/quic-go"
},
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-CVX7-X8PJ-X2GW
Vulnerability from github – Published: 2025-06-06 21:27 – Updated: 2025-06-09 21:39Summary
A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments.
Impact
- Component:
server_quic.go - Attack Vector: Remote, network-based
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Impact: High availability loss (OOM kill or unresponsiveness)
This issue affects deployments with quic:// enabled in the Corefile. A single attacker can cause the CoreDNS instance to become unresponsive using minimal bandwidth and CPU.
Patches
The patch introduces two key mitigation mechanisms:
max_streams: Caps the number of concurrent QUIC streams per connection. Default:256.worker_pool_size: Introduces a server-wide, bounded worker pool to process incoming streams. Default:1024.
This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. The new configuration options are exposed through the quic Corefile block:
quic {
max_streams 256
worker_pool_size 1024
}
These defaults are generous and aligned with typical DNS-over-QUIC client behavior.
Workarounds
If you're unable to upgrade immediately, you can:
- Disable QUIC support by removing or commenting out the quic:// block in your Corefile
- Use container runtime resource limits to detect and isolate excessive memory usage
- Monitor QUIC connection patterns and alert on anomalies
References
- RFC 9250 - DNS over Dedicated QUIC Connections
- quic-go GitHub project
- QUIC stream exhaustion class of vulnerabilities (related)
Credit
Thanks to @thevilledev for disclovering this vulnerability and contributing a high-quality fix.
For more information
Please consult our security guide for more information regarding our security process.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47950"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-06T21:27:27Z",
"nvd_published_at": "2025-06-06T18:15:35Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA **Denial of Service (DoS)** vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \u2014 especially in containerized or memory-constrained environments.\n\n### Impact\n\n- **Component**: `server_quic.go`\n- **Attack Vector**: Remote, network-based\n- **Attack Complexity**: Low\n- **Privileges Required**: None\n- **User Interaction**: None\n- **Impact**: High availability loss (OOM kill or unresponsiveness)\n\nThis issue affects deployments with `quic://` enabled in the Corefile. A single attacker can cause the CoreDNS instance to become unresponsive using minimal bandwidth and CPU.\n\n### Patches\n\nThe patch introduces two key mitigation mechanisms:\n\n- **`max_streams`**: Caps the number of concurrent QUIC streams per connection. Default: `256`.\n- **`worker_pool_size`**: Introduces a server-wide, bounded worker pool to process incoming streams. Default: `1024`.\n\nThis eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. The new configuration options are exposed through the `quic` Corefile block:\n\n```\nquic {\n max_streams 256\n worker_pool_size 1024\n}\n```\n\nThese defaults are generous and aligned with typical DNS-over-QUIC client behavior.\n\n### Workarounds\n\nIf you\u0027re unable to upgrade immediately, you can:\n- Disable QUIC support by removing or commenting out the `quic://` block in your Corefile\n- Use container runtime resource limits to detect and isolate excessive memory usage\n- Monitor QUIC connection patterns and alert on anomalies\n\n### References\n\n- [RFC 9250 - DNS over Dedicated QUIC Connections](https://datatracker.ietf.org/doc/html/rfc9250)\n- [quic-go GitHub project](https://github.com/quic-go/quic-go)\n- [QUIC stream exhaustion class of vulnerabilities (related)](https://www.usenix.org/conference/usenixsecurity23/presentation/botella)\n\n### Credit\n\nThanks to [@thevilledev](https://github.com/thevilledev) for disclovering this vulnerability and contributing a high-quality fix.\n\n### For more information\n\nPlease consult our [security guide](https://github.com/coredns/coredns/blob/master/.github/SECURITY.md) for more information regarding our security process.",
"id": "GHSA-cvx7-x8pj-x2gw",
"modified": "2025-06-09T21:39:31Z",
"published": "2025-06-06T21:27:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
},
{
"type": "WEB",
"url": "https://github.com/quic-go/quic-go"
},
{
"type": "WEB",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
}
MSRC_CVE-2025-47950
Vulnerability from csaf_microsoft - Published: 2025-06-02 00:00 - Updated: 2026-02-18 14:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19564-17086 | — | ||
| Unresolved product id: 19611-17084 | — | ||
| Unresolved product id: 20137-17086 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-47950.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification",
"tracking": {
"current_release_date": "2026-02-18T14:34:20.000Z",
"generator": {
"date": "2026-02-21T04:08:22.913Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-47950",
"initial_release_date": "2025-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-07-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:34:20.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm2 coredns 1.11.1-19",
"product": {
"name": "\u003ccm2 coredns 1.11.1-19",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cm2 coredns 1.11.1-19",
"product": {
"name": "cm2 coredns 1.11.1-19",
"product_id": "19564"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 1.11.4-7",
"product": {
"name": "\u003cazl3 coredns 1.11.4-7",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 coredns 1.11.4-7",
"product": {
"name": "azl3 coredns 1.11.4-7",
"product_id": "19611"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 coredns 1.11.1-19",
"product": {
"name": "\u003ccbl2 coredns 1.11.1-19",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 coredns 1.11.1-19",
"product": {
"name": "cbl2 coredns 1.11.1-19",
"product_id": "20137"
}
}
],
"category": "product_name",
"name": "coredns"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "19564-17086"
},
"product_reference": "19564",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 1.11.4-7 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 1.11.4-7 as a component of Azure Linux 3.0",
"product_id": "19611-17084"
},
"product_reference": "19611",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "20137-17086"
},
"product_reference": "20137",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19564-17086",
"19611-17084",
"20137-17086"
],
"known_affected": [
"17086-3",
"17084-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-47950.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.11.1-19:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.11.4-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-3",
"17084-2",
"17086-1"
]
}
],
"title": "CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
}
]
}
OPENSUSE-SU-2025:15225-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2020-36846/ | self |
| https://www.suse.com/security/cve/CVE-2022-31022/ | self |
| https://www.suse.com/security/cve/CVE-2023-42818/ | self |
| https://www.suse.com/security/cve/CVE-2025-0913/ | self |
| https://www.suse.com/security/cve/CVE-2025-1792/ | self |
| https://www.suse.com/security/cve/CVE-2025-22874/ | self |
| https://www.suse.com/security/cve/CVE-2025-25207/ | self |
| https://www.suse.com/security/cve/CVE-2025-25208/ | self |
| https://www.suse.com/security/cve/CVE-2025-2571/ | self |
| https://www.suse.com/security/cve/CVE-2025-29785/ | self |
| https://www.suse.com/security/cve/CVE-2025-3230/ | self |
| https://www.suse.com/security/cve/CVE-2025-3260/ | self |
| https://www.suse.com/security/cve/CVE-2025-3454/ | self |
| https://www.suse.com/security/cve/CVE-2025-3611/ | self |
| https://www.suse.com/security/cve/CVE-2025-3913/ | self |
| https://www.suse.com/security/cve/CVE-2025-4128/ | self |
| https://www.suse.com/security/cve/CVE-2025-4573/ | self |
| https://www.suse.com/security/cve/CVE-2025-4673/ | self |
| https://www.suse.com/security/cve/CVE-2025-47950/ | self |
| https://www.suse.com/security/cve/CVE-2025-48494/ | self |
| https://www.suse.com/security/cve/CVE-2025-48495/ | self |
| https://www.suse.com/security/cve/CVE-2025-48710/ | self |
| https://www.suse.com/security/cve/CVE-2025-48865/ | self |
| https://www.suse.com/security/cve/CVE-2025-48938/ | self |
| https://www.suse.com/security/cve/CVE-2025-48948/ | self |
| https://www.suse.com/security/cve/CVE-2025-48949/ | self |
| https://www.suse.com/security/cve/CVE-2025-49011/ | self |
| https://www.suse.com/security/cve/CVE-2025-49136/ | self |
| https://www.suse.com/security/cve/CVE-2025-49140/ | self |
| https://www.suse.com/security/cve/CVE-2020-36846 | external |
| https://bugzilla.suse.com/1175825 | external |
| https://www.suse.com/security/cve/CVE-2022-31022 | external |
| https://www.suse.com/security/cve/CVE-2023-42818 | external |
| https://www.suse.com/security/cve/CVE-2025-0913 | external |
| https://bugzilla.suse.com/1244157 | external |
| https://www.suse.com/security/cve/CVE-2025-1792 | external |
| https://www.suse.com/security/cve/CVE-2025-22874 | external |
| https://bugzilla.suse.com/1244158 | external |
| https://www.suse.com/security/cve/CVE-2025-25207 | external |
| https://www.suse.com/security/cve/CVE-2025-25208 | external |
| https://www.suse.com/security/cve/CVE-2025-2571 | external |
| https://www.suse.com/security/cve/CVE-2025-29785 | external |
| https://bugzilla.suse.com/1243936 | external |
| https://www.suse.com/security/cve/CVE-2025-3230 | external |
| https://www.suse.com/security/cve/CVE-2025-3260 | external |
| https://www.suse.com/security/cve/CVE-2025-3454 | external |
| https://bugzilla.suse.com/1241683 | external |
| https://www.suse.com/security/cve/CVE-2025-3611 | external |
| https://www.suse.com/security/cve/CVE-2025-3913 | external |
| https://www.suse.com/security/cve/CVE-2025-4128 | external |
| https://www.suse.com/security/cve/CVE-2025-4573 | external |
| https://www.suse.com/security/cve/CVE-2025-4673 | external |
| https://bugzilla.suse.com/1244156 | external |
| https://www.suse.com/security/cve/CVE-2025-47950 | external |
| https://bugzilla.suse.com/1244331 | external |
| https://www.suse.com/security/cve/CVE-2025-48494 | external |
| https://www.suse.com/security/cve/CVE-2025-48495 | external |
| https://www.suse.com/security/cve/CVE-2025-48710 | external |
| https://www.suse.com/security/cve/CVE-2025-48865 | external |
| https://www.suse.com/security/cve/CVE-2025-48938 | external |
| https://bugzilla.suse.com/1243930 | external |
| https://www.suse.com/security/cve/CVE-2025-48948 | external |
| https://www.suse.com/security/cve/CVE-2025-48949 | external |
| https://www.suse.com/security/cve/CVE-2025-49011 | external |
| https://www.suse.com/security/cve/CVE-2025-49136 | external |
| https://www.suse.com/security/cve/CVE-2025-49140 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250612T141001-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15225-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36846 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31022 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42818 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22874 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25207 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2571 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-29785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-29785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3260 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3454 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3611 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4573 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49140/"
}
],
"title": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15225-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36846"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36846",
"url": "https://www.suse.com/security/cve/CVE-2020-36846"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-36846",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-36846"
},
{
"cve": "CVE-2022-31022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31022"
}
],
"notes": [
{
"category": "general",
"text": "Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node\u0027s filesystem where the bleve index resides, if the user has used bleve\u0027s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit \nhandling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31022",
"url": "https://www.suse.com/security/cve/CVE-2022-31022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-31022"
},
{
"cve": "CVE-2023-42818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42818"
}
],
"notes": [
{
"category": "general",
"text": "JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42818",
"url": "https://www.suse.com/security/cve/CVE-2023-42818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-42818"
},
{
"cve": "CVE-2025-0913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0913"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0913",
"url": "https://www.suse.com/security/cve/CVE-2025-0913"
},
{
"category": "external",
"summary": "SUSE Bug 1244157 for CVE-2025-0913",
"url": "https://bugzilla.suse.com/1244157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-0913"
},
{
"cve": "CVE-2025-1792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1792"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1792",
"url": "https://www.suse.com/security/cve/CVE-2025-1792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-1792"
},
{
"cve": "CVE-2025-22874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22874"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22874",
"url": "https://www.suse.com/security/cve/CVE-2025-22874"
},
{
"category": "external",
"summary": "SUSE Bug 1244158 for CVE-2025-22874",
"url": "https://bugzilla.suse.com/1244158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22874"
},
{
"cve": "CVE-2025-25207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25207"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25207",
"url": "https://www.suse.com/security/cve/CVE-2025-25207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25207"
},
{
"cve": "CVE-2025-25208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25208"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25208",
"url": "https://www.suse.com/security/cve/CVE-2025-25208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25208"
},
{
"cve": "CVE-2025-2571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2571"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2571",
"url": "https://www.suse.com/security/cve/CVE-2025-2571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-2571"
},
{
"cve": "CVE-2025-29785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-29785"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-29785",
"url": "https://www.suse.com/security/cve/CVE-2025-29785"
},
{
"category": "external",
"summary": "SUSE Bug 1243936 for CVE-2025-29785",
"url": "https://bugzilla.suse.com/1243936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-29785"
},
{
"cve": "CVE-2025-3230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3230"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3230",
"url": "https://www.suse.com/security/cve/CVE-2025-3230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3230"
},
{
"cve": "CVE-2025-3260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3260"
}
],
"notes": [
{
"category": "general",
"text": "A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).\n\nImpact:\n\n- Viewers can view all dashboards/folders regardless of permissions\n\n- Editors can view/edit/delete all dashboards/folders regardless of permissions\n\n- Editors can create dashboards in any folder regardless of permissions\n\n- Anonymous users with viewer/editor roles are similarly affected\n\nOrganization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3260",
"url": "https://www.suse.com/security/cve/CVE-2025-3260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-3260"
},
{
"cve": "CVE-2025-3454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3454"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability in Grafana\u0027s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.\n\nUsers with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.\n\nThe issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3454",
"url": "https://www.suse.com/security/cve/CVE-2025-3454"
},
{
"category": "external",
"summary": "SUSE Bug 1241683 for CVE-2025-3454",
"url": "https://bugzilla.suse.com/1241683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3454"
},
{
"cve": "CVE-2025-3611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3611"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with \u0027No access\u0027 to Teams in the System Console.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3611",
"url": "https://www.suse.com/security/cve/CVE-2025-3611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-3611"
},
{
"cve": "CVE-2025-3913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3913"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the \u0027invite user\u0027 permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3913",
"url": "https://www.suse.com/security/cve/CVE-2025-3913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3913"
},
{
"cve": "CVE-2025-4128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4128"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4128",
"url": "https://www.suse.com/security/cve/CVE-2025-4128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-4128"
},
{
"cve": "CVE-2025-4573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4573"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4573",
"url": "https://www.suse.com/security/cve/CVE-2025-4573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4573"
},
{
"cve": "CVE-2025-4673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4673"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4673",
"url": "https://www.suse.com/security/cve/CVE-2025-4673"
},
{
"category": "external",
"summary": "SUSE Bug 1244156 for CVE-2025-4673",
"url": "https://bugzilla.suse.com/1244156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4673"
},
{
"cve": "CVE-2025-47950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47950"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47950",
"url": "https://www.suse.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "SUSE Bug 1244331 for CVE-2025-47950",
"url": "https://bugzilla.suse.com/1244331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47950"
},
{
"cve": "CVE-2025-48494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48494"
}
],
"notes": [
{
"category": "general",
"text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48494",
"url": "https://www.suse.com/security/cve/CVE-2025-48494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48494"
},
{
"cve": "CVE-2025-48495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48495"
}
],
"notes": [
{
"category": "general",
"text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48495",
"url": "https://www.suse.com/security/cve/CVE-2025-48495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48495"
},
{
"cve": "CVE-2025-48710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48710"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48710",
"url": "https://www.suse.com/security/cve/CVE-2025-48710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48710"
},
{
"cve": "CVE-2025-48865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48865"
}
],
"notes": [
{
"category": "general",
"text": "Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48865",
"url": "https://www.suse.com/security/cve/CVE-2025-48865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-48865"
},
{
"cve": "CVE-2025-48938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48938"
}
],
"notes": [
{
"category": "general",
"text": "go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user\u0027s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48938",
"url": "https://www.suse.com/security/cve/CVE-2025-48938"
},
{
"category": "external",
"summary": "SUSE Bug 1243930 for CVE-2025-48938",
"url": "https://bugzilla.suse.com/1243930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-48938"
},
{
"cve": "CVE-2025-48948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48948"
}
],
"notes": [
{
"category": "general",
"text": "Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48948",
"url": "https://www.suse.com/security/cve/CVE-2025-48948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-48948"
},
{
"cve": "CVE-2025-48949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48949"
}
],
"notes": [
{
"category": "general",
"text": "Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48949",
"url": "https://www.suse.com/security/cve/CVE-2025-48949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-48949"
},
{
"cve": "CVE-2025-49011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49011"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49011",
"url": "https://www.suse.com/security/cve/CVE-2025-49011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-49011"
},
{
"cve": "CVE-2025-49136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49136"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49136",
"url": "https://www.suse.com/security/cve/CVE-2025-49136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-49136"
},
{
"cve": "CVE-2025-49140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49140"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49140",
"url": "https://www.suse.com/security/cve/CVE-2025-49140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-49140"
}
]
}
RHSA-2025:17128
Vulnerability from csaf_redhat - Published: 2025-10-01 03:46 - Updated: 2026-07-08 20:58A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:17128 | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370860 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-47950 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-47950 | external |
| https://datatracker.ietf.org/doc/html/rfc9250 | external |
| https://github.com/coredns/coredns/commit/efaed02… | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://github.com/quic-go/quic-go | external |
| https://www.usenix.org/conference/usenixsecurity2… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.20.2 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.13",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods,\nimplementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator,\nit can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17128",
"url": "https://access.redhat.com/errata/RHSA-2025:17128"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47950",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17128.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.20.2 security fixes and container updates",
"tracking": {
"current_release_date": "2026-07-08T20:58:30+00:00",
"generator": {
"date": "2026-07-08T20:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2025:17128",
"initial_release_date": "2025-10-01T03:46:30+00:00",
"revision_history": [
{
"date": "2025-10-01T03:46:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-01T03:46:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T20:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Af2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759255850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Aefbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759153685"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3Aab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759258184"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147035"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Af0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759202884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Ac5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147041"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ad905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ac31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759153685"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Ae74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759202884"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759153685"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759202884"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759168533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759255850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759153685"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ab3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147035"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759202884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.20.2-1759147041"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-06-06T18:00:49.860708+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370860"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On a Red Hat system, a denial of service to the CoreDNS service will not take down the host system, so the availability impact is assessed as Low for Red Hat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "RHBZ#2370860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9250",
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go",
"url": "https://github.com/quic-go/quic-go"
},
{
"category": "external",
"summary": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"release_date": "2025-06-06T17:32:30.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T03:46:30+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17128"
},
{
"category": "workaround",
"details": "Users unable to upgrade should manually disable the QUIC protocol support.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:4c82d0f3d62d6089f306dc88a3eeaed60d423541bb39324da21a61264b64fdbf_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:93c51db1cc4e9247aa20818ae6ff75d835ab8f5573a4cd25674d78c4dba14fe9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:9a869532fb064448318622890f317adce8b769896d5393885abc8c5e9c3b0199_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d905ef89fb32a76f5ddbdd5ae713b71dd41e3ccaf8b0e10f273ea75495eef922_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7fc1504810a8468c3f82979994b10c7a4ed02742f824dd467cc237a440f85b0a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9eb3e91644195a4c046c6afcd0e3ad179304e532b25ca412d48995c7330c885d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:9fad0552b971600e55c92be6e762ae20d040316782b44e8e51b181d6e7bf8d1d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f2794e21f96bd0f710ecf0ea3f7a70a4fd9aab504df15a664b7f7a29c9ff3f5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:1d05356129ed2a534e65adc3230a7e0d37b0a536469bb29569de0d6128201952_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:7efbe6bb502281b91fe3a0e0dc5a3a39c2d3b59477866fe5e40fc73e95d0fca4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:2247f4479c783ada6f5581e1319e74add3aa66eb7c09e36d3904c04db069ba4f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3c2f289a599ce3c4241096479302f6d44f0a87fe77852881636d3996f719feab_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:c31b32bd2be8e5bfc675a2074fc815ce386af05cc202d56eb022057b981fbe81_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:efbcd22e0fe51993955c8ca9cea699ed3fdfafb0ecfef6164e645a03df83235f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:33c66141c6fb0742804d732a3b0957569b9a98f2ba8d60b2ad58e62e937031c2_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:b3c4fd76baed396b22f61d10898423b8892f2fc9c89bd9621214b6db0f4bb0c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:6cc5a038548f1e3ad1ca767af5c6de509749c299990e7422b8697d2ff40c343f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:f0d4fad6cd65ab442b2e3110b1a29e2479c39ff9f116c185e950c30efceebcee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:ab91bcd9cf28a1621aca62c8af01d1c3225602533dae8ebcfa3369e0a8087623_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:709c21d4859abb2cbd9cbba1ae315e01185d1512ea8016d67f286b73040c1dc4_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:821fc11c40eaa5caf4e4518a7cf1aea4b7b7a9159a8f21c3aead17c49b51aa4e_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:9afbd7c4ae3056293054a2167571917c1ceddbc1835c9ddc0fb86e4d766f4543_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:e74575b84875632ffc2f87f9f8348a6867800dccc81c7410d65e7842271982e6_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:098a85071176e6b25a24949cb158f6f9b22acaafc039b25feeb4fcb5242ea529_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c5c35afd77d7abdf56669ffa10be3f8e4d8e3b7119ee9103fa458595560d7937_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
}
]
}
RHSA-2025:21892
Vulnerability from csaf_redhat - Published: 2025-11-20 21:12 - Updated: 2026-07-08 21:02A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:21892 | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | external |
| https://access.redhat.com/security/cve/CVE-2025-59530 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370860 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-47950 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-47950 | external |
| https://datatracker.ietf.org/doc/html/rfc9250 | external |
| https://github.com/coredns/coredns/commit/efaed02… | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://github.com/quic-go/quic-go | external |
| https://www.usenix.org/conference/usenixsecurity2… | external |
| https://access.redhat.com/security/cve/CVE-2025-59530 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2403125 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-59530 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-59530 | external |
| https://github.com/quic-go/quic-go/blob/v0.55.0/c… | external |
| https://github.com/quic-go/quic-go/pull/5354 | external |
| https://github.com/quic-go/quic-go/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.14",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods,\nimplementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator,\nit can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21892",
"url": "https://access.redhat.com/errata/RHSA-2025:21892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47950",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59530",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21892.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.21 security fixes and container updates",
"tracking": {
"current_release_date": "2026-07-08T21:02:32+00:00",
"generator": {
"date": "2026-07-08T21:02:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2025:21892",
"initial_release_date": "2025-11-20T21:12:16+00:00",
"revision_history": [
{
"date": "2025-11-20T21:12:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-20T21:12:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T21:02:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794425"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794442"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762820727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3Abee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763509984"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762272934"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Afb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479111"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Aefb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794425"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794442"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Abe8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762820727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762272934"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ac757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794425"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ac1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794442"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ad9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762820727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762272934"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794425"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ab4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762794442"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Ac53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762820727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Ad1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Af23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1762272934"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=v0.21-1763479111"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-06-06T18:00:49.860708+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370860"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On a Red Hat system, a denial of service to the CoreDNS service will not take down the host system, so the availability impact is assessed as Low for Red Hat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "RHBZ#2370860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9250",
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go",
"url": "https://github.com/quic-go/quic-go"
},
{
"category": "external",
"summary": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"release_date": "2025-06-06T17:32:30.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T21:12:16+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n\n* ACM-18625\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21892"
},
{
"category": "workaround",
"details": "Users unable to upgrade should manually disable the QUIC protocol support.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
},
{
"cve": "CVE-2025-59530",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-10T17:01:16.758297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403125"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk is limited to applications which includethe quic-go library. Host Red Hat systems are not at risk of availability degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "RHBZ#2403125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
"url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/pull/5354",
"url": "https://github.com/quic-go/quic-go/pull/5354"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"
}
],
"release_date": "2025-10-10T16:09:55.227000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-20T21:12:16+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n\n* ACM-18625\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:14c65ee67fd7195517a3cf39fec0cddb0eaf9e5b65e6397bd503a0ea33754345_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:165f366dd0ffa4dd79e879521915a3be858ff614d35f9e67753c88abf2112b44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c757e84627a3ae0a7e3686fb5420c9239d8110a7bd687cee63b9d589715411c6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:efb1d8f17a92ad94d8782856cd0a2db1b00c183b981a53e49ee0a1af49e61542_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:0f9380e0f21767f6e4cbf31ed6dc9190c40b18bc322381c79da0a630b9cad9c1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:6b89cc6b664a68b5cdaa81a1485322a9fc60dd209bd9dccd4e700b405c89c702_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:b4411c648954c8d21895ce18425a0b891d2216379cfd4fc406cf6a1cc8c02b23_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:c1a1ba28965ced479dff6faa839fcc0e481c15465040876cbb8ed14c1f481035_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:88ecf6133e82478410fa429112b0912b98f4c01654d10f34575953b5e19f193c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:c53b2ac2ebd78b8ff281b14f3da41076d247020452af4beaca81570cf7f71362_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:3f8f98bb126920bd023bde3b5caa5bccdc8be8e65645cc6a1c9bbc43f25c31dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:401b29baa802009e8a3b28a59029c3d3dd0b151b6804feba6e4506c2740fb7b5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:be8471dbde00929621e61e57c8dda366b162226a579a66ec872a1d71455aa019_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d9a1d15c4640423514b57b84811352d0cfb4d632faf1f425dc10f15f90ff59d4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5a6bfa602a2065256eb8da856893b3e931c806f5e873c3438d66e02f772c2325_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:80be27c20725f6074859e9ae631176e7ed2b30425c870b8dff2f6408f1dcfd68_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:87574a058d18d6805917dcf2258b928f849c81248600c9b2cc84c90c9d9ce3f1_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:d1379387db8e161b936f433b7d9721ec58924f94ce6c14b5cf216c49727b2a82_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:bee92e4e7d305ab6f48d4a06fa7130f59ceebd004bbe802cd41a1eb4ffb98aee_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6c3e1deb6e373d6f1d71f4e5816c8df96511c2b9089508926f97fa923f301726_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:6f01e4ebd615a60562ab5f0f9adc591b11b972748bfca30bff6d0f20593c3218_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:82deff07c86e7bd1d44ce47cb27bff1af920fd6a7f6858dfee744e8143bb654b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:f23e015b459f42241f494b2c307502c6ca4a12e74bbcfc032f9a22a9f71d7ca0_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9141a0390a9a24b37fff256f287969f6f200c116d143c45572dd2b0ed2ca8634_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb361b9fd163c98f8345407e763448c3a75b74643e392d742164eb6b0177cbe7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame"
}
]
}
RHSA-2026:36873
Vulnerability from csaf_redhat - Published: 2026-07-08 20:50 - Updated: 2026-07-08 23:31A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted repository data and filesystem structures, leading to panics, infinite loops, uncontrolled recursion, or excessive resource consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:36873 | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | external |
| https://access.redhat.com/security/cve/CVE-2025-59530 | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | external |
| https://access.redhat.com/security/cve/CVE-2026-44740 | external |
| https://access.redhat.com/security/cve/CVE-2026-53488 | external |
| https://access.redhat.com/security/cve/CVE-2026-53492 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-47950 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370860 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-47950 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-47950 | external |
| https://datatracker.ietf.org/doc/html/rfc9250 | external |
| https://github.com/coredns/coredns/commit/efaed02… | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://github.com/quic-go/quic-go | external |
| https://www.usenix.org/conference/usenixsecurity2… | external |
| https://access.redhat.com/security/cve/CVE-2025-59530 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2403125 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-59530 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-59530 | external |
| https://github.com/quic-go/quic-go/blob/v0.55.0/c… | external |
| https://github.com/quic-go/quic-go/pull/5354 | external |
| https://github.com/quic-go/quic-go/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434432 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61726 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61726 | external |
| https://go.dev/cl/736712 | external |
| https://go.dev/issue/77101 | external |
| https://groups.google.com/g/golang-announce/c/Vd2… | external |
| https://pkg.go.dev/vuln/GO-2026-4341 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2418462 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61729 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61729 | external |
| https://go.dev/cl/725920 | external |
| https://go.dev/issue/76445 | external |
| https://groups.google.com/g/golang-announce/c/8FJ… | external |
| https://pkg.go.dev/vuln/GO-2025-4155 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2437111 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68121 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68121 | external |
| https://go.dev/cl/737700 | external |
| https://go.dev/issue/77217 | external |
| https://groups.google.com/g/golang-announce/c/K09… | external |
| https://pkg.go.dev/vuln/GO-2026-4337 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2428009 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68151 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68151 | external |
| https://github.com/coredns/coredns/commit/0d8cbb1… | external |
| https://github.com/coredns/coredns/pull/7490 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445244 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26017 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26017 | external |
| https://github.com/coredns/coredns/releases/tag/v1.14.2 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445242 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26018 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26018 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-44740 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483894 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44740 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44740 | external |
| https://github.com/go-git/go-billy/releases/tag/v5.9.0 | external |
| https://github.com/go-git/go-billy/releases/tag/v… | external |
| https://github.com/go-git/go-billy/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-53488 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2495815 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-53488 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-53488 | external |
| https://github.com/containerd/containerd/security… | external |
| https://access.redhat.com/security/cve/CVE-2026-53492 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2496130 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-53492 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-53492 | external |
| https://github.com/containerd/containerd/security… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.20 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.13",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36873",
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47950",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59530",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44740",
"url": "https://access.redhat.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53492",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36873.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.20 security fixes and container updates",
"tracking": {
"current_release_date": "2026-07-08T23:31:57+00:00",
"generator": {
"date": "2026-07-08T23:31:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36873",
"initial_release_date": "2026-07-08T20:50:51+00:00",
"revision_history": [
{
"date": "2026-07-08T20:50:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T20:50:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:31:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Af856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Ae17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3Adddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=1783001304"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Abda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ab6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ae0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ae2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Afb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ac045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Af10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Acbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ad6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Acdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Aa8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Acdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Acda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-06-06T18:00:49.860708+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370860"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On a Red Hat system, a denial of service to the CoreDNS service will not take down the host system, so the availability impact is assessed as Low for Red Hat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "RHBZ#2370860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9250",
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go",
"url": "https://github.com/quic-go/quic-go"
},
{
"category": "external",
"summary": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"release_date": "2025-06-06T17:32:30.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Users unable to upgrade should manually disable the QUIC protocol support.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
},
{
"cve": "CVE-2025-59530",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-10T17:01:16.758297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403125"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk is limited to applications which includethe quic-go library. Host Red Hat systems are not at risk of availability degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "RHBZ#2403125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
"url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/pull/5354",
"url": "https://github.com/quic-go/quic-go/pull/5354"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"
}
],
"release_date": "2025-10-10T16:09:55.227000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-44740",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-01T17:01:53.685793+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483894"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted repository data and filesystem structures, leading to panics, infinite loops, uncontrolled recursion, or excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important severity issue. The `go-billy` library, a Go filesystem abstraction, is vulnerable to a denial of service when processing crafted or malformed input, such as untrusted repository data or filesystem structures. Insufficient validation and missing safety mechanisms can lead to panics, infinite loops, or excessive resource consumption, potentially impacting the availability of applications that rely on this library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "RHBZ#2483894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/releases/tag/v5.9.0",
"url": "https://github.com/go-git/go-billy/releases/tag/v5.9.0"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1",
"url": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6",
"url": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6"
}
],
"release_date": "2026-06-01T16:04:50.358000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "To mitigate the issue, we suggest upgrading to versions 5.9.0+ or 6.0.0-alpha.1+",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation"
},
{
"cve": "CVE-2026-53488",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-07-01T02:01:09.589815+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2495815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "RHBZ#2495815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"release_date": "2026-07-01T00:11:20.610000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
},
{
"cve": "CVE-2026-53492",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-07-01T19:01:34.238078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important. In Red Hat OpenShift Container Platform, a user with pod creation permissions could bypass standard Kubernetes resource allocation and device plugin enforcement. This is due to containerd\u0027s Container Runtime Interface (CRI) improperly trusting Container Device Interface (CDI) annotations during container restoration. Exploitation requires CDI to be enabled on the node and a matching host CDI specification for the requested device.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "RHBZ#2496130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"release_date": "2026-07-01T17:59:12.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration."
}
]
}
WID-SEC-W-2025-1261
Vulnerability from csaf_certbund - Published: 2025-06-09 22:00 - Updated: 2025-11-20 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source CoreDNS <1.12.2
Open Source / CoreDNS
|
<1.12.2 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://github.com/advisories/GHSA-cvx7-x8pj-x2gw | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370860 | external |
| https://access.redhat.com/errata/RHSA-2025:21892 | external |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CoreDNS ist ein DNS server.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in CoreDNS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1261 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1261.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1261 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1261"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cvx7-x8pj-x2gw vom 2025-06-09",
"url": "https://github.com/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2370860 vom 2025-06-09",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370860"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21892 vom 2025-11-20",
"url": "https://access.redhat.com/errata/RHSA-2025:21892"
}
],
"source_lang": "en-US",
"title": "CoreDNS: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-11-20T23:00:00.000+00:00",
"generator": {
"date": "2025-11-21T08:23:03.920+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1261",
"initial_release_date": "2025-06-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-20T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.12.2",
"product": {
"name": "Open Source CoreDNS \u003c1.12.2",
"product_id": "T044438"
}
},
{
"category": "product_version",
"name": "1.12.2",
"product": {
"name": "Open Source CoreDNS 1.12.2",
"product_id": "T044438-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:coredns:coredns:1.12.2"
}
}
}
],
"category": "product_name",
"name": "CoreDNS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"product_status": {
"known_affected": [
"T044438",
"67646"
]
},
"release_date": "2025-06-09T22:00:00.000+00:00",
"title": "CVE-2025-47950"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.