RHSA-2026:0671
Vulnerability from csaf_redhat - Published: 2026-01-15 08:34 - Updated: 2026-01-15 16:28Summary
Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.4
Notes
Topic
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.4 General Availability release, with updates to container images.
Details
Assisted Installer RHEL 9 integrates components for the general multicluster engine
for Kubernetes 2.8.4 release that simplify the process of deploying OpenShift Container
Platform clusters.
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters, or to import existing Kubernetes-based clusters for management.
After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.4 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.8.4 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0671",
"url": "https://access.redhat.com/errata/RHSA-2026:0671"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0671.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.4",
"tracking": {
"current_release_date": "2026-01-15T16:28:59+00:00",
"generator": {
"date": "2026-01-15T16:28:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0671",
"initial_release_date": "2026-01-15T08:34:14+00:00",
"revision_history": [
{
"date": "2026-01-15T08:34:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-15T08:34:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-15T16:28:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.8",
"product": {
"name": "multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.8::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767790895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3Ac098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767786197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Aab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Ab55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767756387"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767790895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Af970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767786197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767756387"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767790895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767786197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Aedbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Af247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767756387"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767790895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3Abbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767786197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767756387"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64 as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le as a component of multicluster engine for Kubernetes 2.8",
"product_id": "multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T08:34:14+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.13.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0671"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2777301e91bfe2b4e95d5b40f799d7e2c053f822bb10b5266c63bf8c8d1903c6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:2872f68870e5817bcd0eef608a4c33cb538334435c7816d222975f70a705ca1f_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:63e1f54619cb21e9f31a07da7f1ce8be5c3d16660eb7007b399bf7280de0eb31_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:7fedfb8105ac7b2aaab4674ca7f22cc056371f8fe6e9700aed39891b2c50dfaa_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:5af57b5d630b69b1084ccc4df199b32bcd51c15f198d9aade47c631ad5335bb6_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:7d2c9d73bd57bf23a2cbf16103c54642ce2c1fdad9adbad4aa1b5ba3173b0d28_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:bbf6ee1f54424ea6c420e4b0da87ae2db2f41739b4e22d850b29782fa3d643f5_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:c098d074342ba585eb386c557552fdad1046fe724a681cbf0ecf4a7f2303dc09_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:262497829ec2e9b0f81ff7a2f1c0320da07d9344c19d7fdc9bb7c624c3c42e16_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:99f295918dadc57cce6c106c009cda4f466c5ce35c1cc50d5590dc4834abe8a5_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:ab1b7f62b41c89a1171681ec37a1f3d8157fd7e65186ec54d299b3627ab667d1_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:edbaee43fa5bcdca07f02d2e5ea56d78ba33e23a90ae4c9ff3dbccf4fbd29b21_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:0fed9a183b555fce22114bf7d2c0ab6c1a4d03a9b3c3012d4f021902172664cc_ppc64le",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4f03ee174054e6955ffabd25c2167b575d04402fd06c2179d813c8714ef8fa97_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8f66a099d1a65587f91820bc1142833b8fc288888c91432cc3186f527ba9d994_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:f970822d7b9cdf2e7975513ec82c63533fa20310e689cd777e661eeeadbae76e_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:22f172bdcc9b089913ad755dca59a3849c88116d5cb036c1bb1affc623766933_arm64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6ba638981a33fe5feaab3bc7850225c67794153b6f01bb3d9d6109ec935c9be8_s390x",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:b55f2e8eaaea5442292786c9516c01ff7f0904e4609943d401af6bfa884f7edc_amd64",
"multicluster engine for Kubernetes 2.8:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:f247f9b0c95b1f37ef2221f521a1adc28753a819100fac140ff086a3ce7bf0bf_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…