rpm package
almalinux/gvisor-tap-vsock
pkg:rpm/almalinux/gvisor-tap-vsock
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22871 | Cri | 9.1 | | < 6:0.8.5-2.el9_6 | 6:0.8.5-2.el9_6 | Apr 8, 2025 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. |
| CVE-2025-22869 | — | | | < 6:0.8.5-1.el9_5 | 6:0.8.5-1.el9_5 | Feb 26, 2025 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. |
| CVE-2024-1394 | Hig | 7.5 | | < 6:0.7.3-4.el9_4.alma.1 | 6:0.7.3-4.el9_4.alma.1 | Mar 21, 2024 | A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and |
| CVE-2024-24783 | Med | 5.9 | | < 6:0.7.3-5.el9_4.alma.1 | 6:0.7.3-5.el9_4.alma.1 | Mar 5, 2024 | Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The defaul |
| CVE-2023-45290 | Med | 6.5 | | < 6:0.7.3-3.el9_4.alma.1 | 6:0.7.3-3.el9_4.alma.1 | Mar 5, 2024 | When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line |