Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:6085
HistoryOct 24, 2023 - 3:31 p.m.

(RHSA-2023:6085) Important: Red Hat OpenShift distributed tracing security update

2023-10-2415:31:15
access.redhat.com
25
red hat openshift
distributed tracing
security update
golang
http/2
ddos attack
cve-2023
cvss score
acknowledgments
references
vulnerabilities

0.72 High

EPSS

Percentile

98.0%

JSON

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

  • golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

  • golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)

  • golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

  • golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

  • golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 88
redhat 46
oraclelinux 10
osv 13
almalinux 8
openvas 16
freebsd 1
photon 1
amazon 2
rocky 4
ibm 8
ubuntu 1
ubuntucve 1
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
2024-01-24 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
2024-04-28 00:00:00
Oracle Linux 9 : buildah (ELSA-2023-7764)
2023-12-15 00:00:00
redhat
redhat
(RHSA-2023:6840) Important: OpenShift Container Platform 4.14.2 packages and security update
2023-11-15 04:30:20
(RHSA-2023:7762) Moderate: skopeo security update
2023-12-12 16:42:25
(RHSA-2023:7765) Moderate: podman security update
2023-12-12 16:42:34
oraclelinux
oraclelinux
podman security update
2023-12-14 00:00:00
buildah security update
2023-12-14 00:00:00
containernetworking-plugins security update
2023-12-13 00:00:00
osv
osv
Moderate: buildah security update
2023-12-12 00:00:00
Moderate: skopeo security update
2023-12-12 00:00:00
Moderate: podman security update
2023-12-12 00:00:00
almalinux
almalinux
Moderate: buildah security update
2023-12-12 00:00:00
Moderate: podman security update
2023-12-12 00:00:00
Moderate: containernetworking-plugins security update
2023-12-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3213)
2023-11-10 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3178)
2023-11-10 00:00:00
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)
2024-03-04 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-09-06 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
amazon
amazon
Important: golang
2023-10-16 13:45:00
Important: cni-plugins
2023-08-17 11:58:00
rocky
rocky
go-toolset and golang security and bug fix update
2023-10-24 18:37:03
toolbox security update
2023-11-11 23:00:15
go-toolset:rhel8 security update
2023-10-24 18:35:47
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data Scheduling was built with a vulnerable golang compiler. ( CVE-2023-29406, CVE-2023-29409 )
2023-12-06 16:00:05
Security Bulletin: Vulnerabilities in Golang Go affect Cloud pak System [CVE-2023-39319, CVE-2023-39318]
2024-01-03 18:19:10
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service, remote code execution, and cross-site scripting due to multiple vulnerabilities in Go
2023-12-04 09:24:10
ubuntu
ubuntu
Go vulnerabilities
2024-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-44487
2023-10-10 00:00:00

0.72 High

EPSS

Percentile

98.0%

JSON
Related for RHSA-2023:6085
nessus88redhat46oraclelinux10osv13almalinux8openvas16freebsd1photon1amazon2rocky4ibm8ubuntu1ubuntucve1