Description
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
A flaw was found in the crypto/tls package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Affected | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Affected | | |
| Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Affected | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Affected | | |
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Affected | | |
| ExternalDNS Operator | edo/external-dns-rhel8 | Affected | | |
| ExternalDNS Operator | edo/external-dns-rhel9 | Not affected | | |
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-rhel9 | Affected | | |
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel8-operator | Affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
If one side of the TLS connection sends multiple key update messages p ...