Описание
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logical Volume Manager Storage | lvms4/lvms-rhel9-operator | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-validation-rhel9 | Affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hive-rhel8 | Will not fix | ||
| OpenShift Developer Tools and Services | helm | Affected | ||
| OpenShift Developer Tools and Services | ocp-tools-4/jenkins-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines-client | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/thanos-rhel7 | Not affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
The ParseAddressList function incorrectly handles comments (text withi ...
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
Уязвимость функции ParseAddressList пакета net/mail языка программирования Go, позволяющая нарушителю выполнить спуфинг-атаки
EPSS
5.4 Medium
CVSS3