rhsa-2025:3743
Vulnerability from csaf_redhat
Published
2025-04-09 09:53
Modified
2025-08-19 03:13
Summary
Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.5.1 release

Notes

Topic
Red Hat build of OpenTelemetry 3.5.1 has been released
Details
Release of Red Hat OpenShift distributed tracing provides the following security improvements, bug fixes, and new features.

Breaking changes:
* Nothing

Deprecations:
* Nothing

Technology Preview features:
* Nothing

Enhancements:
* Nothing

Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-29786
* https://access.redhat.com/security/cve/CVE-2025-27144
* https://access.redhat.com/security/cve/CVE-2025-30204
* https://access.redhat.com/security/cve/CVE-2025-22868

Known issues:
* Nothing
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat build of OpenTelemetry 3.5.1 has been released",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features.\nBreaking changes:\n* Nothing\n\nDeprecations:\n* Nothing\n\nTechnology Preview features:\n* Nothing\n\nEnhancements:\n* Nothing\n\nBug fixes:\n* https://access.redhat.com/security/cve/CVE-2025-29786 * https://access.redhat.com/security/cve/CVE-2025-27144 * https://access.redhat.com/security/cve/CVE-2025-30204 * https://access.redhat.com/security/cve/CVE-2025-22868\n\nKnown issues:\n* Nothing",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3743",
        "url": "https://access.redhat.com/errata/RHSA-2025:3743"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-27144",
        "url": "https://access.redhat.com/security/cve/CVE-2025-27144"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-29786",
        "url": "https://access.redhat.com/security/cve/CVE-2025-29786"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-30204",
        "url": "https://access.redhat.com/security/cve/CVE-2025-30204"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry",
        "url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3743.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.5.1 release",
    "tracking": {
      "current_release_date": "2025-08-19T03:13:28+00:00",
      "generator": {
        "date": "2025-08-19T03:13:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2025:3743",
      "initial_release_date": "2025-04-09T09:53:12+00:00",
      "revision_history": [
        {
          "date": "2025-04-09T09:53:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-04-09T09:53:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-19T03:13:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift distributed tracing 3.5.2",
                "product": {
                  "name": "Red Hat OpenShift distributed tracing 3.5.2",
                  "product_id": "Red Hat OpenShift distributed tracing 3.5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift distributed tracing"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-operator-bundle@sha256%3Aea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744105979"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3A360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103234"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3Af82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103199"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3A2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103234"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3Aa4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103199"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3Aee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103234"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3Ad08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3A31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103199"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel8@sha256%3Ab7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103234"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel8-operator@sha256%3Aa626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel8@sha256%3Af725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1744103199"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
          "product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
        ],
        "known_not_affected": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-09T09:53:12+00:00",
          "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3743"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-27144",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-24T23:00:42.448432+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2347423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-770: Allocation of Resources Without Limits or Throttling vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings required for operations, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect excessive resource usage caused by malicious activity or system misconfigurations. In the event of exploitation, process isolation ensures workloads operate in separate environments, preventing any single process from overconsuming CPU or memory and degrading system performance.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "RHBZ#2347423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
          "url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
          "url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
        }
      ],
      "release_date": "2025-02-24T22:22:22.863000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-09T09:53:12+00:00",
          "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3743"
        },
        {
          "category": "workaround",
          "details": "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
    },
    {
      "cve": "CVE-2025-29786",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-03-17T14:00:59.078419+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2352914"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-29786"
        },
        {
          "category": "external",
          "summary": "RHBZ#2352914",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352914"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-29786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29786"
        },
        {
          "category": "external",
          "summary": "https://github.com/expr-lang/expr/pull/762",
          "url": "https://github.com/expr-lang/expr/pull/762"
        },
        {
          "category": "external",
          "summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2",
          "url": "https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2"
        }
      ],
      "release_date": "2025-03-17T13:15:32.836000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-09T09:53:12+00:00",
          "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3743"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to impose an input size restriction before parsing (i.e. validating or limiting the length of expression strings that the application will accept). Ensuring no unbounded-length expressions are fed into the parser will prevent the parser from constructing a very large AST and avoid the potential memory exhaustion issue.",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input"
    },
    {
      "cve": "CVE-2025-30204",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-03-21T22:00:43.818367+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2354195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
          "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "RHBZ#2354195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
          "url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
          "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3553",
          "url": "https://pkg.go.dev/vuln/GO-2025-3553"
        }
      ],
      "release_date": "2025-03-21T21:42:01.382000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-09T09:53:12+00:00",
          "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3743"
        },
        {
          "category": "workaround",
          "details": "Red Hat Product Security does not have a recommended mitigation at this time.",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:2cd5fdc0d5efee8f9ced0cf8389c000c245ca5368098c5ce0bc2b6241ac6a455_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:360b97d5055aba77fb7cc5c029e910be7e7eb10672df530eca2c91346da2f2b0_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:b7f6e9442ee2ae2b7122a9732eaa11a85b1f0264e60963819c7e5150c1457740_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:ee623bfdf53c09ea32927c9350732f24f0a3371ee38272cdd08ae858d519fd32_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:ea3e5c6cc3342f0f0e9c4d8f6f4cc5ab278cd68fc6302737c533e7bdaa8ed12b_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a4c600ccf3e69b940834012246bd35621d128cd21216262b4ec3e3cef2bf854e_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:a626628fa5d1f05087dca3e93256a8092d6242cf3836f97723469ad31c80b3dd_s390x",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:d08f64f2db187122a8318f9860c703b52cd79048dcac6ecada7b08e71c012763_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-rhel8-operator@sha256:f82500883874b1171f0dc2ccc8e56fbf6e553f9332ab4a2e2353c38efdf3a2b8_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:31fbb53b77ca584f6f4a2cb900f4b5f74b1edb32e79e574f15b8a323057b1a2a_ppc64le",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:5801d945ec9c0a96f5700b18690ab6b23afea6ea2badccb2bfec9f6200b1d19d_arm64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:834e7a4232d92c3773aa869fe96f95440d571014d72c984c6fce389c95796362_amd64",
            "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8@sha256:f725e98f51b14cc553877c7b07e67062fef5bb431bd10f2c36eba5418d86a76b_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    }
  ]
}

