BDU:2026-07331

Published: 08 Apr 2026
Source: fstec
CVSS3: 8.2
CVSS2: 8.5
EPSS: Low

Description

A vulnerability in the crypto/x509 package of the Go programming language stems from errors in the certificate authentication procedure. Exploitation of the vulnerability may allow a remote attacker to carry out man-in-the-middle attacks.

Vendor

Red Hat Inc.
ООО «Ред Софт»
The Go Project

Software name

Red Hat Enterprise Linux
Red Hat Quay
Red Hat 3scale API Management Platform
Openshift Service Mesh
РЕД ОС
Red Hat Openshift Data Foundation
Red Hat OpenShift GitOps
Red Hat OpenShift Container Platform
Red Hat Satellite
Red Hat OpenStack Platform
OpenShift Developer Tools and Services
Red Hat OpenShift on AWS
Node HealthCheck Operator
Network Observability Operator
Red Hat OpenShift Virtualization
OpenShift Serverless
Red Hat Ansible Automation Platform
Red Hat OpenShift Dev Spaces
Migration Toolkit for Containers
OpenShift Pipelines
OpenShift API for Data Protection
Red Hat Service Interconnect
Logging subsystem for Red Hat OpenShift
Red Hat Developer Hub
multicluster engine for Kubernetes
Mirror registry for Red Hat OpenShift
Red Hat OpenShift Lightspeed
Red Hat OpenShift Cluster Manager CLI
Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat build of Apache Camel
Cryostat
cert-manager Operator for Red Hat OpenShift
Confidential Compute Attestation
Custom Metric Autoscaler operator for Red Hat Openshift
Multicluster Global Hub
Assisted Installer for Red Hat OpenShift Container Platform
Red Hat Certification Program for Red Hat Enterprise Linux
Red Hat Connectivity Link
Red Hat Enterprise Linux AI
External Secrets Operator for Red Hat OpenShift
Fence Agents Remediation Operator
Red Hat OpenShift AI
Red Hat Hardened Images
Go
Compliance Operator
Deployment Validation Operator
ExternalDNS Operator
File Integrity Operator
Machine Deletion Remediation Operator
Migration Toolkit for Applications
Red Hat Edge Manager
Red Hat OpenShift Dev Workspaces Operator
Gatekeeper
Red Hat OpenShift distributed tracing
Logical Volume Manager Storage
Power monitoring for Red Hat OpenShift
Red Hat Lightspeed for Runtimes Operator
Red Hat OpenShift for Windows Containers
Ansible Automation Platform
Red Hat Advanced Cluster Security (RHACS) for Kubernetes
Red Hat OpenShift Builds

Software version

7 (Red Hat Enterprise Linux)
8 (Red Hat Enterprise Linux)
3 (Red Hat Quay)
2 (Red Hat 3scale API Management Platform)
2 (Openshift Service Mesh)
7.3 (РЕД ОС)
4 (Red Hat Openshift Data Foundation)
- (Red Hat OpenShift GitOps)
4 (Red Hat OpenShift Container Platform)
6 (Red Hat Satellite)
9 (Red Hat Enterprise Linux)
16.2 (Red Hat OpenStack Platform)
- (OpenShift Developer Tools and Services)
- (Red Hat OpenShift on AWS)
- (Node HealthCheck Operator)
- (Network Observability Operator)
4 (Red Hat OpenShift Virtualization)
- (OpenShift Serverless)
2 (Red Hat Ansible Automation Platform)
17.1 (Red Hat OpenStack Platform)
- (Red Hat OpenShift Dev Spaces)
- (Migration Toolkit for Containers)
- (OpenShift Pipelines)
- (OpenShift API for Data Protection)
1 (Red Hat Service Interconnect)
- (Logging subsystem for Red Hat OpenShift)
- (Red Hat Developer Hub)
- (multicluster engine for Kubernetes)
- (Mirror registry for Red Hat OpenShift)
18.0 (Red Hat OpenStack Platform)
9.4 Extended Update Support (Red Hat Enterprise Linux)
- (Red Hat OpenShift Lightspeed)
- (Red Hat OpenShift Cluster Manager CLI)
- (Red Hat Advanced Cluster Management for Kubernetes 2)
10 (Red Hat Enterprise Linux)
HawtIO 4 (Red Hat build of Apache Camel)
4 (Cryostat)
3 (Openshift Service Mesh)
- (cert-manager Operator for Red Hat OpenShift)
- (Confidential Compute Attestation)
- (Custom Metric Autoscaler operator for Red Hat Openshift)
- (Multicluster Global Hub)
2 (Assisted Installer for Red Hat OpenShift Container Platform)
9.6 Extended Update Support (Red Hat Enterprise Linux)
8.0 (РЕД ОС)
10.0 Extended Update Support (Red Hat Enterprise Linux)
2 (Mirror registry for Red Hat OpenShift)
9 (Red Hat Certification Program for Red Hat Enterprise Linux)
1 (Red Hat Connectivity Link)
3 (Red Hat Enterprise Linux AI)
- (External Secrets Operator for Red Hat OpenShift)
- (Fence Agents Remediation Operator)
- (Red Hat OpenShift AI)
- (Red Hat Hardened Images)
from 1.26.0 to 1.26.2 (Go)
- (Compliance Operator)
- (Deployment Validation Operator)
- (ExternalDNS Operator)
- (File Integrity Operator)
- (Machine Deletion Remediation Operator)
8 (Migration Toolkit for Applications)
1 (Red Hat Edge Manager)
- (Red Hat OpenShift Dev Workspaces Operator)
2 (Red Hat Service Interconnect)
3 (Gatekeeper)
3.9.3 (Red Hat OpenShift distributed tracing)
- (Logical Volume Manager Storage)
- (Power monitoring for Red Hat OpenShift)
- (Red Hat Lightspeed for Runtimes Operator)
- (Red Hat OpenShift for Windows Containers)
2.6 (Ansible Automation Platform)
4.9 (Red Hat Advanced Cluster Security (RHACS) for Kubernetes)
1.6.5 (Red Hat OpenShift Builds)
1.7.2 (Red Hat OpenShift Builds)

Software type

Operating system
Application software for information systems
Software of a hardware-software appliance
Virtualization software/software of a virtual hardware-software appliance
Network software
Network device
Security tool

Operating systems and hardware platforms

Red Hat Inc. Red Hat Enterprise Linux 7
Red Hat Inc. Red Hat Enterprise Linux 8
ООО «Ред Софт» РЕД ОС 7.3
Red Hat Inc. Red Hat Enterprise Linux 9
Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 10
Red Hat Inc. Red Hat Enterprise Linux 9.6 Extended Update Support
ООО «Ред Софт» РЕД ОС 8.0
Red Hat Inc. Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux AI 3

Vulnerability severity level

High severity (CVSS 2.0 base score is 8.5)
High severity (CVSS 3.1 base score is 8.2)

Possible remediation measures

Follow the recommendations:
For Go:
https://pkg.go.dev/vuln/GO-2026-4866
For РедОС:
https://redos.red-soft.ru/search/?iblock_id=&q=CVE-2026-33810
For Red Hat Inc. software products:
https://access.redhat.com/security/cve/cve-2026-33810

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS: 0.00259 (percentile: 17%), Low

CVSS3: 8.2 High

CVSS2: 8.5 High

Related vulnerabilities

CVSS3: 8.2
redos
about 2 months ago

golang vulnerability

CVSS3: 8.2
ubuntu
3 months ago

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVSS3: 8.8
redhat
3 months ago

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVSS3: 8.2
nvd
3 months ago

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVSS3: 5.9
msrc
3 months ago

Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
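
The case mismatch described in the entries above, as an added Go example that is not code from crypto/x509 or from any of the listed advisories: a stand-alone check that compares a leaf's DNS SANs, wildcards included, against an issuer's excluded DNS constraints after case folding. The function names, the simplified subtree matching and the sample certificates are assumptions constructed for illustration.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

// norm lower-cases a DNS name and drops leading/trailing dots (DNS is case-insensitive).
func norm(s string) string { return strings.ToLower(strings.Trim(s, ".")) }

// inSubtree reports whether a normalised name equals constraint or is a subdomain of it.
func inSubtree(name, constraint string) bool {
	return constraint == "" || name == constraint || strings.HasSuffix(name, "."+constraint)
}

// sanExcluded: can this SAN (possibly a wildcard) name a host in the excluded subtree?
func sanExcluded(san, constraint string) bool {
	s, c := norm(san), norm(constraint)
	base, wild := strings.CutPrefix(s, "*.")
	if !wild {
		return inSubtree(s, c)
	}
	// "*.base" covers every one-label child of base: it is excluded when base
	// lies in the subtree, or when the constraint itself is such a child.
	_, parent, ok := strings.Cut(c, ".")
	return inSubtree(base, c) || (ok && parent == base)
}

// ExcludedViolations lists leaf DNS SANs under the issuer's excluded DNS constraints.
// Hypothetical helper using simplified matching; it is not a crypto/x509 API.
func ExcludedViolations(leaf, issuer *x509.Certificate) []string {
	var out []string
	for _, san := range leaf.DNSNames {
		for _, c := range issuer.ExcludedDNSDomains {
			if sanExcluded(san, c) {
				out = append(out, san+" violates excluded "+c)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: only the fields the check reads are populated.
	issuer := &x509.Certificate{ExcludedDNSDomains: []string{"example.com"}}
	leaf := &x509.Certificate{DNSNames: []string{"*.EXAMPLE.com", "www.other.org"}}
	fmt.Println(ExcludedViolations(leaf, issuer))
}
```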
