Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Under investigation | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Under investigation | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Under investigation | | |
| Compliance Operator | compliance/openshift-compliance-operator-bundle | Under investigation | | |
| Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Under investigation | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Under investigation | | |
| Cryostat 4 | cryostat/cryostat-storage-rhel9 | Under investigation | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9 | Under investigation | | |
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Under investigation | | |
| ExternalDNS Operator | edo/external-dns-rhel8 | Under investigation | | |
Source links
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
Quadratic complexity when parsing some invalid inputs in encoding/pem