ID

VAR-202302-0195

CVE

CVE-2022-4450

TITLE

OpenSSL  Double release vulnerability in

DESCRIPTION

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API. Bugs fixed (https://bugzilla.redhat.com/): 2171965 - [4.11 clone] Secrets are used in env variables 2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv 2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity 2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs 2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl" 5. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow 5. JIRA issues fixed (https://issues.jboss.org/): MTA-118 - Automated tagging of resources with Windup MTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable MTA-129 - User field in Manage Import is empty MTA-160 - [Upstream] Maven Repositories "No QueryClient set, use QueryClientProvider to set one" MTA-204 - Every http request made to tagtypes returns HTTP Status 404 MTA-256 - Update application import template MTA-260 - [Regression] Application import through OOTB import template fails MTA-261 - [Regression] UI incorrectly reports target applications have in-progress/complete assessment MTA-263 - [Regression] Discard assessment option present even when assessment is not complete MTA-267 - Analysis EAP targets should include eap8 MTA-268 - RFE: Automated Tagging details to add on Review analysis details page MTA-279 - All types of Source analysis is failing in MTA 6.1.0 MTA-28 - Success Alert is not displayed when subsequent analysis are submitted MTA-282 - Discarding review results in 404 error MTA-283 - Sorting broken on Application inventory page MTA-284 - HTML reports download with no files in reports and stats folders MTA-29 - Asterisk on Description while creating a credentials should be removed MTA-297 - [Custom migration targets] Cannot upload JPG file as an icon MTA-298 - [Custom migration targets] Unclear error when uploading image greater than 1Mb of size MTA-299 - [RFE][Custom migration targets] Assign an icon: Add image max size in the note under the image name MTA-300 - [Custom rules] Cannot upload more than one rules file MTA-303 - [UI][Custom migration targets] The word "Please" should be removed from the error message about existing custom target name MTA-304 - [Custom rules] Failed analysis when retrieving custom rules files from a repository MTA-306 - MTA allows the uploading of multiple binaries for analysis MTA-311 - MTA operator fails to reconcile on a clean (non-upgrade) install MTA-314 - PVCs may not provision if storageClassName is not set. MTA-330 - With auth disabled, 'username' seen in the persona dropdown MTA-332 - Tagging: Few Tags are highlighted with color MTA-34 - Cannot filter by Business Service when copying assessments MTA-345 - [Custom migration targets] Error message "imageID must be defined" is displayed when uploading image MTA-35 - Only the first notification is displayed when discarding multiple copied assessments MTA-350 - Maven Central links from the dependencies tab in reports seem to be broken MTA-351 - AspectJ is not identified as an Open Source Library MTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear MTA-363 - [UI][Custom migration targets] "Repository type" field name is missing MTA-364 - [Custom migration targets] Unknown image file when editing a custom migration target MTA-366 - Tagging: For no tags attached "filter by" can be improved MTA-367 - [Custom migration targets] Cannot use a custom migration target in analysis MTA-369 - Custom migration targets: HTML elements are duplicated MTA-375 - Run button does not execute the analysis MTA-377 - [UI][Custom rules] Custom rules screen of the analysis configuration wizard is always marked as required MTA-378 - [UI][Custom rules] Info message on the Custom rules screen is not updated MTA-38 - Only the first notification is displayed when multiple files are imported. MTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed MTA-382 - Custom Rules: Sometimes able to upload duplicate rules files MTA-388 - CSV reports download empty when enabling the option after an analysis MTA-389 - [Custom rules in Analysis] Failed analysis when retrieving custom rules files from a private repository MTA-391 - [Custom rules in Analysis] Targets from uploaded rules file are not removed once the file is removed MTA-392 - Unable to see all custom migration targets when using a vertical monitor MTA-41 - [UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off MTA-412 - Display alert message before reviewing an already reviewed application MTA-428 - [Custom Rules] MTA analysis custom rules conflict message MTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected MTA-438 - Tagging: Retrieving tags needs a loading indicator MTA-439 - [Regression][Custom rules] Failed to run analysis with custom rules from a repository MTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed MTA-50 - RFE: Replace the MTA acronym in the title with "Migration Toolkit for Applications" MTA-51 - RFE: " Select the list of packages to be analyzed manually" to modify the title MTA-52 - [RFE] We can change "Not associated artifact" to "No associated artifact" MTA-55 - Can't choose a custom rule via a file explorer(mac OS finder) in Tackle 2.0 MTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability [mta-6.0] MTA-99 - Unable to use root path during checking for maven dependencies 6. Description: Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Jira issue addressed: ACM-3513: MCE 2.1.6 images Security fix(es): * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/multicluster_engine_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters 2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation 2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing 2185507 - Release of OpenShift Serverless Serving 1.29.0 2185509 - Release of OpenShift Serverless Eventing 1.29.0 5. Description: Security Fix(es) * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 3. See https://access.redhat.com/solutions/7007647 for instructions on how to apply this hotfix, as well as for information about when the hotfix has been superseded by a permanent fix and should be removed. Important: This hotfix is a temporary fix that will be supported until 30 days after the date when the next patch release of the product is released. After the 30-day period ends, you must either update to the latest patch release and remove this hotfix to continue receiving security updates and maintain support or upgrade to a newer feature release of the product. Bugs fixed (https://bugzilla.redhat.com/): 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. JIRA issues fixed (https://issues.redhat.com/): JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2 6. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Summary: The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.12.22 bug fix and security update Advisory ID: RHSA-2023:3615-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:3615 Issue date: 2023-06-22 CVE Names: CVE-2021-4235 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0361 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:3613 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html Security Fix(es): * go-yaml: Denial of Service in go-yaml (CVE-2021-4235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are: (For x86_64 architecture) The image digest is sha256:ba7956f5c2aae61c8ff3ab1ab2ee7e625db9b1c8964a65339764db79c148e4e6 (For s390x architecture) The image digest is sha256:36d8c9581c255ea3fb48ee8e3b4acb2e4b408f1c3542b16c55c0637403ef29e7 (For ppc64le architecture) The image digest is sha256:1a3f611d665c1d2b2ddb54d4f54e64c181e59fb57ec97c0578cad42c436a9bbc (For aarch64 architecture) The image digest is sha256:36fe7b5c69297210f8bc0303a58c019fdc4ca578d0c3340b1bc847c47e87d333 All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-13785 - EgressNetworkPolicy DNS resolution does not fall back to TCP for truncated responses OCPBUGS-14333 - Package openvswitch2.17 conflicts with openvswitch2.15 during the 4.12 to 4.13 upgrade of RHEL worker OCPBUGS-14454 - CRL configmap is limited by 1MB max, not allowing for multiple public CRLS. (4.12) OCPBUGS-14455 - mtls CRL not working when using an intermediate CA (4.12) OCPBUGS-14647 - Errors when running must-gather for 4.12 Rosa/Hypershift cluster OCPBUGS-14671 - It must be possible to append a piece of FRR configuration to what MetalLB renders OCPBUGS-14717 - Maximum Number Of Egress IPs Supported OCPBUGS-14745 - container_network* metrics stop reporting after container restart OCPBUGS-8673 - [whereabouts-cni] [release-4.12] Backport DualStack and the new reconciler to whereabouts plugin 4.12 6. References: https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/updates/classification/#moderate https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZJZol9zjgjWX9erEAQisXA/+NLLB9/gV0VO/r2mMIiaD7nzF25RMNy6E W07FAfzzYtrxMYspYtRAKnPv7tLJJT6Aa+xJ0O8jtnv1P0e1BdOr5MrsHiALZgiQ OWj5Px61nnKIRrrBNAEk2nKs2in96otOZryLzWy2osQCl+T17U1/gEQvpYhl18FE UWIHtP3Rzs1+ZdpgcbqvQtPfeKUAp380dGL8V3Gw4rpVYDsiNxvKxdg6cHeyjrb0 fMHK07Pw8PRxUh2xr56a512HkPMhTPIx+xcjZ1RTly9QPXEWjWgDolOiMYRjL/ne UC/A8MumKMiJoltLwTly6si3ChklI36iyrVgH6MHaKjvqPWHH7z2303N632IXvmd KzGVdEtzn/X0zUyutl6c6eJEWidvgaVjLHRynxCeD6Cz5MX2EzD5ITYxyA4MmSgq FcD4NPn6EUs9k2zHSOyfe7extwNlXEslbWYq+rX4aT7FY+Ul7PTwzmAkhzRdOVpr 5Oi4hbwhyqt1DteBr/NNZAHK58BdxP6oi8rgZiZDANwRWk/Dx5xFKMIYD0Z2GHmG +bvA5DqaMLZPv26nHv1rgR9YNzTe/Tw651QePis+4X3YXx6yGuwDW2gs5JMNMnBT xOxT8zctDV1kghhh+IaZMopdQ+hlZCoJyVZv0DbLZoF9mZ74gzLdvCtFyFVvZ8ZG AxaDJxGrtzg= =va8E -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5844-1 February 07, 2023 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203) Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304) Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2022-4450) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Marc Schönefeld discovered that OpenSSL incorrectly handled malformed PKCS7 data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0216) Kurt Roeckx discovered that OpenSSL incorrectly handled validating certain DSA public keys. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0217) Hubert Kario and Dmitry Belyavsky discovered that OpenSSL incorrectly validated certain signatures. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0401) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libssl3 3.0.5-2ubuntu2.1 Ubuntu 22.04 LTS: libssl3 3.0.2-0ubuntu1.8 Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.17 Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.21 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: February 04, 2024 Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560 ID: 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-libs/openssl < 3.0.10 >= 3.0.10 Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10" References ========== [ 1 ] CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 [ 2 ] CVE-2022-4203 https://nvd.nist.gov/vuln/detail/CVE-2022-4203 [ 3 ] CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 [ 4 ] CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 [ 5 ] CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 [ 6 ] CVE-2023-0216 https://nvd.nist.gov/vuln/detail/CVE-2023-0216 [ 7 ] CVE-2023-0217 https://nvd.nist.gov/vuln/detail/CVE-2023-0217 [ 8 ] CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 [ 9 ] CVE-2023-0401 https://nvd.nist.gov/vuln/detail/CVE-2023-0401 [ 10 ] CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 [ 11 ] CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 [ 12 ] CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 [ 13 ] CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 [ 14 ] CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 [ 15 ] CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 [ 16 ] CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-23T21:06:22.835000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE