CVE-2023-29409 - Vulnerability Details

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Golang	Go
Redhat	Ansible Automation Platform Cert Manager Cryostat Enterprise Linux Logging Migration Toolkit Applications Migration Toolkit Virtualization Network Observ Optr Openshift Openshift Api Data Protection Openshift Data Foundation Openshift Distributed Tracing Openshift Secondary Scheduler Openshift Serverless Openstack Rhmt Run Once Duration Override Operator Serverless Service Telemetry Framework

Configuration 1 [-]

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go:1.21.0:rc1::::::
	cpe:2.3:a:golang:go:1.21.0:rc2::::::
	cpe:2.3:a:golang:go:1.21.0:rc3::::::

Package	CPE	Advisory	Released Date
CERT-MANAGER-1.11-RHEL-9
cert-manager/cert-manager-operator-rhel9:v1.11.5-5	cpe:/a:redhat:cert_manager:1.11::el9	RHSA-2023:6279	2023-11-15T00:00:00Z
Cryostat 2 on RHEL 8
cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11	cpe:/a:redhat:cryostat:2::el8	RHSA-2023:6031	2023-10-23T00:00:00Z
Migration Toolkit for Virtualization 2.4
migration-toolkit-virtualization/mtv-rhel8-operator:2.4.3-3	cpe:/a:redhat:migration_toolkit_virtualization:2.4::el8	RHBA-2023:6109	2023-10-25T00:00:00Z
MTA-6.2-RHEL-8
mta/mta-rhel8-operator:6.2.2-3	cpe:/a:redhat:migration_toolkit_applications:6.2::el8	RHSA-2024:1027	2024-02-28T00:00:00Z
MTA-6.2-RHEL-9
mta/mta-hub-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-operator-bundle:6.2.2-5	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-pathfinder-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-ui-rhel9:6.2.2-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
mta/mta-windup-addon-rhel9:6.2.2-3	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:1027	2024-02-28T00:00:00Z
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
network-observability/network-observability-rhel9-operator:v1.4.0-51	cpe:/a:redhat:network_observ_optr:1.4.0::el9	RHSA-2023:5974	2023-10-20T00:00:00Z
OADP-1.1-RHEL-8
oadp/oadp-velero-rhel8:1.1.7-6	cpe:/a:redhat:openshift_api_data_protection:1.1::el8	RHSA-2023:6115	2023-10-25T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.9.2-4.el8	cpe:/a:redhat:serverless:1.0::el8	RHSA-2023:6298	2023-11-03T00:00:00Z
OSSO-1.1-RHEL-8
openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37	cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8	RHSA-2023:5933	2023-10-26T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8
receptor-0:1.4.2-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2023:5805	2023-10-17T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
receptor-0:1.4.2-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2023:5805	2023-10-17T00:00:00Z
Red Hat Enterprise Linux 8
go-toolset:rhel8-8080020231013004859.6b4b45d8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5721	2023-10-16T00:00:00Z
container-tools:4.0-8090020231207142256.d7b6f4b7	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0121	2024-01-10T00:00:00Z
container-tools:rhel8-8100020240227110532.82888897	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2988	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 9
golang-0:1.19.13-1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5738	2023-10-16T00:00:00Z
skopeo-2:1.13.3-3.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7762	2023-12-12T00:00:00Z
runc-4:1.1.9-2.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7763	2023-12-12T00:00:00Z
buildah-1:1.31.3-2.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7764	2023-12-12T00:00:00Z
podman-2:4.6.1-7.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7765	2023-12-12T00:00:00Z
containernetworking-plugins-1:1.3.0-6.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7766	2023-12-12T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3	cpe:/a:redhat:rhmt:1.7::el8	RHSA-2023:6161	2023-10-30T00:00:00Z
Red Hat OpenShift Container Platform 4.14
podman-3:4.4.1-10.1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
runc-4:1.1.9-2.1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:6840	2023-11-15T00:00:00Z
openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2024:0293	2024-01-23T00:00:00Z
microshift-0:4.14.10-202401181720.p0.gd25a4c5.assembly.4.14.10.el9	cpe:/a:redhat:openshift:4.14::el9	RHSA-2024:0292	2024-01-23T00:00:00Z
Red Hat OpenShift distributed tracing 2
jaeger-agent-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-all-in-one-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-collector-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-es-index-cleaner-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-es-rollover-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-ingester-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
jaeger-query-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-collector-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
opentelemetry-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-gateway-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-gateway-opa-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-operator-bundle-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-operator-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
tempo-query-container	cpe:/a:redhat:openshift_distributed_tracing:2.9::el8	RHSA-2023:6085	2023-10-24T00:00:00Z
Red Hat OpenShift Serverless 1.30
openshift-serverless-1/client-kn-rhel8:1.9.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/func-utils-rhel8:1.30.2-2	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/ingress-rhel8-operator:1.30.2-3	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/knative-rhel8-operator:1.30.2-3	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/kourier-control-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serverless-operator-bundle:1.30.2-2	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serverless-rhel8-operator:1.30.2-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-activator-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-queue-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/serving-webhook-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9	cpe:/a:redhat:openshift_serverless:1.30::el8	RHSA-2023:6296	2023-11-02T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8/osp-director-agent:1.3.0-10	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-downloader:1.3.0-11	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator:1.3.0-9	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator-bundle:1.3.0-19	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5935	2023-10-19T00:00:00Z
collectd-libpod-stats-0:1.0.4-5.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5964	2023-10-20T00:00:00Z
etcd-0:3.3.23-15.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2023:5965	2023-10-20T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
collectd-libpod-stats-0:1.0.5-6.el9ost	cpe:/a:redhat:openstack:17.1::el9	RHSA-2023:5969	2023-10-20T00:00:00Z
rhosp-rhel9/osp-director-agent:1.3.1-11	cpe:/a:redhat:openstack:17.1::el9	RHSA-2023:5971	2023-10-20T00:00:00Z
rhosp-rhel9/osp-director-downloader:1.3.1-9	cpe:/a:redhat:openstack:17.1::el9	RHSA-2023:5971	2023-10-20T00:00:00Z
rhosp-rhel9/osp-director-operator:1.3.1-11	cpe:/a:redhat:openstack:17.1::el9	RHSA-2023:5971	2023-10-20T00:00:00Z
rhosp-rhel9/osp-director-operator-bundle:1.3.1-18	cpe:/a:redhat:openstack:17.1::el9	RHSA-2023:5971	2023-10-20T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2024:1383	2024-03-19T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-2	cpe:/a:redhat:logging:5.6::el8	RHSA-2023:5541	2023-10-20T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-1	cpe:/a:redhat:logging:5.7::el8	RHSA-2023:5530	2023-10-20T00:00:00Z
RODOO-1.0-RHEL-8
run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30	cpe:/a:redhat:run_once_duration_override_operator:1.0::el8	RHSA-2023:5947	2023-10-26T00:00:00Z
STF-1.5-RHEL-8
stf/prometheus-webhook-snmp-rhel8:1.5.2-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/service-telemetry-operator-bundle:1.5.1697612918-1	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/service-telemetry-rhel8-operator:1.5.1-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/sg-bridge-rhel8:1.5.0-18	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/sg-core-rhel8:5.1.1-8	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/smart-gateway-operator-bundle:5.0.1697612918-1	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z
stf/smart-gateway-rhel8-operator:5.0.1-9	cpe:/a:redhat:service_telemetry_framework:1.5::el8	RHSA-2023:5976	2023-10-20T00:00:00Z

References

Link	Providers
https://go.dev/cl/515257
https://go.dev/issue/61460
https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ
https://nvd.nist.gov/vuln/detail/CVE-2023-29409
https://pkg.go.dev/vuln/GO-2023-1987
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20230831-0010/
https://www.cve.org/CVERecord?id=CVE-2023-29409

History

Tue, 22 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 08 Sep 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products		Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift_distributed_tracing:2.9::el8~~
Vendors & Products	Redhat openshift Distributed Tracing

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-08-02T19:47:23.829Z

Updated: 2025-02-13T16:49:16.368Z

Reserved: 2023-04-05T19:36:35.043Z

Link: CVE-2023-29409

Vulnrichment

Updated: 2024-08-02T14:07:46.160Z

NVD

Status : Modified

Published: 2023-08-02T20:15:11.940

Modified: 2024-11-21T07:57:00.287

Link: CVE-2023-29409

Redhat

Severity : Moderate

Publid Date: 2023-08-02T00:00:00Z

Links: CVE-2023-29409 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29409", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2023-04-05T19:36:35.043Z", "datePublished": "2023-08-02T19:47:23.829Z", "dateUpdated": "2025-02-13T16:49:16.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-11-25T11:09:25.696Z"}, "title": "Large RSA keys can cause high CPU usage in crypto/tls", "descriptions": [{"lang": "en", "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."}], "affected": [{"vendor": "Go standard library", "product": "crypto/tls", "collectionURL": "https://pkg.go.dev", "packageName": "crypto/tls", "versions": [{"version": "0", "lessThan": "1.19.12", "status": "affected", "versionType": "semver"}, {"version": "1.20.0-0", "lessThan": "1.20.7", "status": "affected", "versionType": "semver"}, {"version": "1.21.0-0", "lessThan": "1.21.0-rc.4", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "Conn.verifyServerCertificate"}, {"name": "Conn.processCertsFromClient"}, {"name": "Conn.Handshake"}, {"name": "Conn.HandshakeContext"}, {"name": "Conn.Read"}, {"name": "Conn.Write"}, {"name": "Dial"}, {"name": "DialWithDialer"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "references": [{"url": "https://go.dev/issue/61460"}, {"url": "https://go.dev/cl/515257"}, {"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1987"}, {"url": "https://security.netapp.com/advisory/ntap-20230831-0010/"}, {"url": "https://security.gentoo.org/glsa/202311-09"}], "credits": [{"lang": "en", "value": "Mateusz Poliwczak"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.160Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/61460", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/515257", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1987", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230831-0010/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-09", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T14:15:51.334084Z", "id": "CVE-2023-29409", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:16:01.839Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/61460", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/515257", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1987", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230831-0010/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-09", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.160Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29409", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T14:15:51.334084Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:15:57.131Z"}}], "cna": {"title": "Large RSA keys can cause high CPU usage in crypto/tls", "credits": [{"lang": "en", "value": "Mateusz Poliwczak"}], "affected": [{"vendor": "Go standard library", "product": "crypto/tls", "versions": [{"status": "affected", "version": "0", "lessThan": "1.19.12", "versionType": "semver"}, {"status": "affected", "version": "1.20.0-0", "lessThan": "1.20.7", "versionType": "semver"}, {"status": "affected", "version": "1.21.0-0", "lessThan": "1.21.0-rc.4", "versionType": "semver"}], "packageName": "crypto/tls", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "Conn.verifyServerCertificate"}, {"name": "Conn.processCertsFromClient"}, {"name": "Conn.Handshake"}, {"name": "Conn.HandshakeContext"}, {"name": "Conn.Read"}, {"name": "Conn.Write"}, {"name": "Dial"}, {"name": "DialWithDialer"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}]}], "references": [{"url": "https://go.dev/issue/61460"}, {"url": "https://go.dev/cl/515257"}, {"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1987"}, {"url": "https://security.netapp.com/advisory/ntap-20230831-0010/"}, {"url": "https://security.gentoo.org/glsa/202311-09"}], "descriptions": [{"lang": "en", "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-08-02T19:47:23.829Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29409", "state": "PUBLISHED", "dateUpdated": "2024-10-22T14:16:01.839Z", "dateReserved": "2023-04-05T19:36:35.043Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2023-08-02T19:47:23.829Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A0D798F-972E-4789-9E60-F04864ACC5A0", "versionEndExcluding": "1.19.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "98D9EFA9-C8A8-4C27-A1F2-DE9798D725FC", "versionEndExcluding": "1.20.7", "versionStartIncluding": "1.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:1.21.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "64DE500E-0A99-4890-9D6E-0FBA9E9C3E0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:1.21.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EA9BD1EF-0172-4779-80DC-E316F5361D27", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:1.21.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "80DFE31C-60CD-46E2-B86A-2C8E9057AFEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."}], "id": "CVE-2023-29409", "lastModified": "2024-11-21T07:57:00.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-02T20:15:11.940", "references": [{"source": "security@golang.org", "tags": ["Patch"], "url": "https://go.dev/cl/515257"}, {"source": "security@golang.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://go.dev/issue/61460"}, {"source": "security@golang.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"}, {"source": "security@golang.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1987"}, {"source": "security@golang.org", "url": "https://security.gentoo.org/glsa/202311-09"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://go.dev/cl/515257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://go.dev/issue/61460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6279", "cpe": "cpe:/a:redhat:cert_manager:1.11::el9", "package": "cert-manager/cert-manager-operator-rhel9:v1.11.5-5", "product_name": "CERT-MANAGER-1.11-RHEL-9", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:6031", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHBA-2023:6109", "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.4::el8", "package": "migration-toolkit-virtualization/mtv-rhel8-operator:2.4.3-3", "product_name": "Migration Toolkit for Virtualization 2.4", "release_date": "2023-10-25T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "package": "mta/mta-rhel8-operator:6.2.2-3", "product_name": "MTA-6.2-RHEL-8", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-hub-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-operator-bundle:6.2.2-5", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-pathfinder-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-ui-rhel9:6.2.2-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1027", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-windup-addon-rhel9:6.2.2-3", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:5974", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-rhel9-operator:v1.4.0-51", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:6115", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package": "oadp/oadp-velero-rhel8:1.1.7-6", "product_name": "OADP-1.1-RHEL-8", "release_date": "2023-10-25T00:00:00Z"}, {"advisory": "RHSA-2023:6298", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.9.2-4.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2023-11-03T00:00:00Z"}, {"advisory": "RHSA-2023:5933", "cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37", "product_name": "OSSO-1.1-RHEL-8", "release_date": "2023-10-26T00:00:00Z"}, {"advisory": "RHSA-2023:5805", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "receptor-0:1.4.2-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2023-10-17T00:00:00Z"}, {"advisory": "RHSA-2023:5805", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "receptor-0:1.4.2-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2023-10-17T00:00:00Z"}, {"advisory": "RHSA-2023:5721", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "go-toolset:rhel8-8080020231013004859.6b4b45d8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:0121", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:4.0-8090020231207142256.d7b6f4b7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-10T00:00:00Z"}, {"advisory": "RHSA-2024:2988", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240227110532.82888897", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2023:5738", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "golang-0:1.19.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-16T00:00:00Z"}, {"advisory": "RHSA-2023:7762", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.13.3-3.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7763", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "runc-4:1.1.9-2.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7764", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "buildah-1:1.31.3-2.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7765", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "podman-2:4.6.1-7.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:7766", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "containernetworking-plugins-1:1.3.0-6.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:6161", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-10-30T00:00:00Z"}, {"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "podman-3:4.4.1-10.1.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:5009", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "runc-4:1.1.9-2.1.rhaos4.14.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:6840", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2024:0293", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-23T00:00:00Z"}, {"advisory": "RHSA-2024:0292", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "microshift-0:4.14.10-202401181720.p0.gd25a4c5.assembly.4.14.10.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-agent-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-all-in-one-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-collector-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-es-index-cleaner-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-es-rollover-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-ingester-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "jaeger-query-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-collector-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "opentelemetry-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-gateway-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-gateway-opa-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-operator-bundle-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-operator-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6085", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8", "package": "tempo-query-container", "product_name": "Red Hat OpenShift distributed tracing 2", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.9.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.30.2-2", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.30.2-3", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.30.2-3", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.30.2-2", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.30.2-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6296", "cpe": "cpe:/a:redhat:openshift_serverless:1.30::el8", "package": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9", "product_name": "Red Hat OpenShift Serverless 1.30", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-agent:1.3.0-10", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-downloader:1.3.0-11", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator:1.3.0-9", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5935", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "rhosp-rhel8/osp-director-operator-bundle:1.3.0-19", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5964", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "collectd-libpod-stats-0:1.0.4-5.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5965", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "etcd-0:3.3.23-15.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5969", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "collectd-libpod-stats-0:1.0.5-6.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5971", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "rhosp-rhel9/osp-director-agent:1.3.1-11", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5971", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "rhosp-rhel9/osp-director-downloader:1.3.1-9", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5971", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "rhosp-rhel9/osp-director-operator:1.3.1-11", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5971", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "rhosp-rhel9/osp-director-operator-bundle:1.3.1-18", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/cephcsi-rhel9:v4.15.0-37", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2023:5541", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.2-2", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5530", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.2-1", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5947", "cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.0::el8", "package": "run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30", "product_name": "RODOO-1.0-RHEL-8", "release_date": "2023-10-26T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/prometheus-webhook-snmp-rhel8:1.5.2-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/service-telemetry-operator-bundle:1.5.1697612918-1", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/service-telemetry-rhel8-operator:1.5.1-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/sg-bridge-rhel8:1.5.0-18", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/sg-core-rhel8:5.1.1-8", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/smart-gateway-operator-bundle:5.0.1697612918-1", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5976", "cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "package": "stf/smart-gateway-rhel8-operator:5.0.1-9", "product_name": "STF-1.5-RHEL-8", "release_date": "2023-10-20T00:00:00Z"}], "bugzilla": {"description": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "id": "2228743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition."], "name": "CVE-2023-29409", "package_state": [{"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Affected", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Not affected", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Affected", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/subctl-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Affected", "package_name": "skupper-cli", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "integration-service-registry-operator-container", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Out of support scope", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Out of support scope", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Out of support scope", "package_name": "redhat-certification-cnf", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Out of support scope", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Affected", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "toolbox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-tools", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ignition", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "sandboxed-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-kam", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Will not fix", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "ovn-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "yggdrasil-worker-forwarder", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "go-toolset-7-golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Fix deferred", "package_name": "web-terminal-operator-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}], "public_date": "2023-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29409\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29409\nhttps://go.dev/cl/515257\nhttps://go.dev/issue/61460\nhttps://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ\nhttps://pkg.go.dev/vuln/GO-2023-1987"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object