{"affected_release": [{"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/client-kn-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": 
"cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-sugar-controller-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.20.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.20.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:0.26.0-2", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/kourier-control-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:0.26.0-1", "product_name": 
"Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.20.0-3", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.20.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-activator-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-controller-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": 
"cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-queue-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:0.26.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.20.0-1", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:0.26.0-2", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:0.26.0-2", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", "package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:0.26.0-2", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0434", "cpe": "cpe:/a:redhat:serverless:1.20::el8", 
"package": "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:0.26.0-2", "product_name": "Openshift Serveless 1.20", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0432", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:0.26.0-2.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1819", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "go-toolset:rhel8-8060020220221035359.76a129d7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:4814", "cpe": "cpe:/a:redhat:rhmt:1.6::el8", "package": "rhmtc/openshift-migration-velero-rhel8:v1.6.5-3", "product_name": "Red Hat Migration Toolkit for Containers 1.6", "release_date": "2022-05-31T00:00:00Z"}, {"advisory": "RHSA-2022:0655", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "impact": "low", "package": "openshift4/ose-installer:v4.9.0-202202212240.p0.g4391c01.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2022-02-28T00:00:00Z"}, {"advisory": "RHSA-2021:4902", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.67::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:3.67.0-3", "product_name": "RHACS-3.67-RHEL-8", "release_date": "2021-12-01T00:00:00Z"}], "bugzilla": {"description": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)", "id": "2006044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006044"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.", "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw."], "name": "CVE-2021-39293", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "CLI", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "knative-eventing", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Affected", "package_name": "servicemesh-operator", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "golang", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "golang", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "golang-github-prometheus-node_exporter", 
"product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana-container", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Fix deferred", "package_name": "go-toolset-1.15-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:1.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:2.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "impact": "low", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix 
deferred", "impact": "low", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "mcg", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "bridge-marker-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", 
"fix_state": "Not affected", "package_name": "cluster-network-addons-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "cnv-containernetworking-plugins-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "cnv-must-gather-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-cpu-node-labeller", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "container-native-virtualization/vm-import-controller-rhel8", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "hostpath-provisioner-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "hostpath-provisioner-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "hyperconverged-cluster-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "hyperconverged-cluster-webhook-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubemacpool-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": 
"cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubernetes-nmstate-handler-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubevirt-ssp-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubevirt-template-validator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "kubevirt-vmware-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "node-maintenance-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "ovs-cni-marker-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "ovs-cni-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-api-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-apiserver-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": 
"virt-cdi-cloner-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-controller-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-importer-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-uploadproxy-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-cdi-uploadserver-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-controller-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-handler-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-launcher-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "virt-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Not affected", "package_name": "vm-import-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": 
"cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/bridge-marker", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cnv-containernetworking-plugins", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cnv-must-gather-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hostpath-provisioner-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hostpath-provisioner-rhel8-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hyperconverged-cluster-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubemacpool", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": 
"cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-ssp-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-template-validator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-vmware", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/node-maintenance-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/ovs-cni-marker", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/ovs-cni-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-api", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-apiserver", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not 
affected", "package_name": "container-native-virtualization/virt-cdi-cloner", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-controller", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-importer", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-uploadproxy", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-cdi-uploadserver", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-controller", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-handler", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-launcher", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/virt-operator", "product_name": 
"Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/vm-import-controller-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/vm-import-operator-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "golang-github-vbatts-tar-split", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-github-vbatts-tar-split", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-bridge-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-container-security-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-openshift-bridge-rhel8-operator", "product_name": "Red Hat 
Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "rhgs3/rhgs-gluster-block-prov-rhel7", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:stf:1.0::el7", "fix_state": "Will not fix", "package_name": "smart-gateway-container", "product_name": "Service Telemetry Framework 1.2 for RHEL 8"}, {"cpe": "cpe:/a:redhat:stf:1.0::el7", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.2 for RHEL 8"}, {"cpe": "cpe:/a:redhat:stf:1.3::el8", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.3 for RHEL 8"}], "public_date": "2021-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-39293\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-39293\nhttps://groups.google.com/g/golang-announce/c/dx9d7IOseHw"], "statement": "* In OpenShift Container Platform, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. 
As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform.\n* This flaw is out of support scope for Red Hat Enterprise Linux 7. For more information about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw's impact is lower, no update will be provided at this time for STF1.2's smart-gateway-container and sg-core-container.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", "threat_severity": "Moderate"}