CVE-2023-24536

medium

Published 2023-05-25 · Modified 2023-11-27

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

Moderate: container-tools:rhel8 security and bug fix update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-6939.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:6939

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-6938.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2182884

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2182883

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2175721

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:6938

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6474.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2228689

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6473.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2174485

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6402.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6363.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2184484

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2178492

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6346.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2222167

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2196029

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2196027

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2196026

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2184483

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2184482

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2184481

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2178488

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2178358

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2163037

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-24536

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-24536.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6474

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6473

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6402

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6363

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6346

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:3318

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6939

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6938

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption Red Hat statement For Red Hat Enterprise Linux, * Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected. * The CVE refers to multipart form parsing routine…

Description

golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

Red Hat statement

For Red Hat Enterprise Linux, * Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected. * The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected. * Butane does not parse multipart forms, hence, it is also not-affected. Redhat has marked this vulnerability as moderate as this vulnerability could lead to a potential denial of service when all the resource of a system is consumed which is technically not a clear case of denial of service.

CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
CERT-MANAGER-1.10-RHEL-9	`cert-manager-operator-bundle-container-v1.10.3-4`	RHSA-2023:4335	2023-08-08T00:00:00Z
CERT-MANAGER-1.10-RHEL-9	`cert-manager-operator-container-v1.10.3-2`	RHSA-2023:4335	2023-08-08T00:00:00Z
CERT-MANAGER-1.10-RHEL-9	`jetstack-cert-manager-container-v1.10.2-18`	RHSA-2023:4335	2023-08-08T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/cryostat-operator-bundle:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/cryostat-reports-rhel8:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/cryostat-rhel8:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/cryostat-rhel8-operator:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Cryostat 2 on RHEL 8	`cryostat-tech-preview/jfr-datasource-rhel8:2.3.0-5`	RHSA-2023:3167	2023-05-18T00:00:00Z
Migration Toolkit for Virtualization 2.4	`migration-toolkit-virtualization/mtv-controller-rhel9:2.4.3-5`	RHBA-2023:6109	2023-10-25T00:00:00Z
MTA-6.2-RHEL-9	`mta/mta-hub-rhel9:6.2.0-16`	RHSA-2023:4627	2023-08-14T00:00:00Z
OADP-1.1-RHEL-8	`oadp/oadp-velero-rhel8:1.1.5-3`	RHSA-2023:3918	2023-06-29T00:00:00Z
Openshift Serverless 1 on RHEL 8	`openshift-serverless-clients-0:1.8.1-3.el8`	RHSA-2023:3450	2023-06-05T00:00:00Z
OSSO-1.1-RHEL-8	`openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-30`	RHSA-2023:4657	2023-08-23T00:00:00Z
Red Hat Ansible Automation Platform 2.3 for RHEL 8	`openshift-clients-0:4.12.0-202307200611.p0.g49844f7.assembly.stream.el8`	RHSA-2023:4470	2023-08-03T00:00:00Z
Red Hat Enterprise Linux 8	`go-toolset:rhel8-8080020230517172404.6b4b45d8`	RHSA-2023:3319	2023-05-25T00:00:00Z
Red Hat Enterprise Linux 8	`container-tools:4.0-8090020230828093056.e7857ab1`	RHSA-2023:6938	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 8	`container-tools:rhel8-8090020230825121312.e7857ab1`	RHSA-2023:6939	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 9	`golang-0:1.19.9-2.el9_2`	RHSA-2023:3318	2023-05-25T00:00:00Z
Red Hat Enterprise Linux 9	`toolbox-0:0.0.99.4-6.el9_3`	RHSA-2023:6346	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9	`skopeo-2:1.13.3-1.el9`	RHSA-2023:6363	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9	`containernetworking-plugins-1:1.3.0-4.el9`	RHSA-2023:6402	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9	`buildah-1:1.31.3-1.el9`	RHSA-2023:6473	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9	`podman-2:4.6.1-5.el9`	RHSA-2023:6474	2023-11-07T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7	`rhmtc/openshift-velero-plugin-rhel8:v1.7.10-2`	RHSA-2023:3624	2023-06-15T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305262054.p0.g71ccef5.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/egress-router-cni-rhel8:v4.13.0-202305270643.p0.g879b72b.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/kubevirt-csi-driver-rhel8:v4.13.0-202305262054.p0.gefa0b94.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/network-tools-rhel8:v4.13.0-202305300541.p0.gb4098c6.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305262054.p0.g74d3207.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/openshift-route-controller-manager-rhel8:v4.13.0-202305262054.p0.gd7a8e22.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305291355.p0.g8db33db.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-agent-installer-csr-approver-rhel8:v4.13.0-202305291355.p0.g6160d18.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305262054.p0.ge8de058.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-agent-installer-orchestrator-rhel8:v4.13.0-202305262054.p0.g6160d18.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.13.0-202305262054.p0.gb5200ba.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.13.0-202305262054.p0.g68c0ecf.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.13.0-202305262054.p0.g0f4b92a.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-alibaba-machine-controllers-rhel8:v4.13.0-202305262054.p0.g4c0f96a.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-apiserver-network-proxy-rhel8:v4.13.0-202305262054.p0.g61e198c.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-aws-cloud-controller-manager-rhel8:v4.13.0-202305262054.p0.g946daa0.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-aws-cluster-api-controllers-rhel8:v4.13.0-202305262054.p0.g4251ed3.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-aws-ebs-csi-driver-rhel8:v4.13.0-202305262054.p0.gd8fa531.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305262054.p0.gb6dee5c.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-aws-pod-identity-webhook-rhel8:v4.13.0-202305262054.p0.g4969655.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-cloud-controller-manager-rhel8:v4.13.0-202305262054.p0.g7afcf26.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-cloud-node-manager-rhel8:v4.13.0-202305262054.p0.g7afcf26.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-cluster-api-controllers-rhel8:v4.13.0-202305262054.p0.g9885d4d.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-disk-csi-driver-rhel8:v4.13.0-202305262054.p0.g202e8af.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.13.0-202305262054.p0.g67bda47.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.13.0-202305262054.p0.g994c32c.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-azure-file-csi-driver-rhel8:v4.13.0-202305262054.p0.gfd94a03.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305270643.p0.gb332f7a.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-baremetal-machine-controllers:v4.13.0-202305262054.p0.gd20bc57.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305290832.p0.gb771b3b.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305262054.p0.gf0c1297.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-cli:v4.13.0-202305291355.p0.g1024efc.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-cli-artifacts:v4.13.0-202305291355.p0.g1024efc.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-cloud-credential-operator:v4.13.0-202305262054.p0.gd3b5ffa.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13	`openshift4/ose-cluster-api-rhel8:v4.13.0-202305262054.p0.g0142186.assembly.stream`	RHSA-2023:3367	2023-06-07T00:00:00Z

Package state

Product	Package	State
Custom Metric Autoscaler operator for Red Hat Openshift	`custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8`	Not affected
Logging Subsystem for Red Hat OpenShift	`openshift-logging/logging-loki-rhel8`	Not affected
Node HealthCheck Operator	`workload-availability/node-healthcheck-rhel8-operator`	Affected
Node Maintenance Operator	`workload-availability/node-maintenance-rhel8-operator`	Affected
OpenShift Developer Tools and Services	`helm`	Affected
OpenShift Developer Tools and Services	`ocp-tools-4/jenkins-rhel8`	Will not fix
OpenShift Developer Tools and Services	`odo`	Will not fix
OpenShift Pipelines	`openshift-pipelines-client`	Affected
OpenShift Service Mesh 2	`openshift-golang-builder-container`	Will not fix
Red Hat 3scale API Management Platform 2	`3scale-operator-container`	Affected
Red Hat Advanced Cluster Management for Kubernetes 2	`thanos-contain`	Affected
Red Hat Advanced Cluster Security 3	`advanced-cluster-security/rhacs-main-rhel8`	Affected
Red Hat AMQ Broker 7	`amq-broker-rhel8-operator-container`	Affected
Red Hat Ansible Automation Platform 2	`receptor`	Affected
Red Hat Application Interconnect 1.0	`skupper-cli`	Affected
Red Hat Ceph Storage 3	`golang`	Out of support scope
Red Hat Ceph Storage 5	`rhceph/rhceph-5-dashboard-rhel8`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/buildah`	Will not fix
Red Hat Enterprise Linux 8	`container-tools:3.0/containernetworking-plugins`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/podman`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/skopeo`	Affected
Red Hat Enterprise Linux 8	`container-tools:3.0/toolbox`	Will not fix
Red Hat Enterprise Linux 8	`git-lfs`	Will not fix
Red Hat Enterprise Linux 8	`grafana`	Not affected
Red Hat Enterprise Linux 8	`grafana-pcp`	Not affected
Red Hat Enterprise Linux 8	`osbuild-composer`	Will not fix
Red Hat Enterprise Linux 8	`rhc`	Not affected
Red Hat Enterprise Linux 8	`weldr-client`	Will not fix
Red Hat Enterprise Linux 9	`butane`	Not affected
Red Hat Enterprise Linux 9	`conmon`	Not affected
Red Hat Enterprise Linux 9	`git-lfs`	Will not fix
Red Hat Enterprise Linux 9	`grafana`	Not affected
Red Hat Enterprise Linux 9	`grafana-pcp`	Not affected
Red Hat Enterprise Linux 9	`ignition`	Will not fix
Red Hat Enterprise Linux 9	`osbuild-composer`	Will not fix
Red Hat Enterprise Linux 9	`weldr-client`	Will not fix
Red Hat OpenShift Container Platform 4	`butane`	Will not fix
Red Hat OpenShift Container Platform 4	`containernetworking-plugins`	Will not fix
Red Hat OpenShift Container Platform 4	`cri-tools`	Affected
Red Hat OpenShift Container Platform 4	`ignition`	Will not fix
Red Hat OpenShift Container Platform 4	`openshift`	Affected
Red Hat OpenShift Container Platform 4	`openshift-golang-builder-container`	Affected
Red Hat Openshift Data Foundation 4	`mcg`	Not affected
Red Hat Openshift Data Foundation 4	`odf4/cephcsi-rhel9`	Not affected
Red Hat OpenShift Dev Spaces	`devspaces/udi-rhel8`	Affected
Red Hat OpenShift distributed tracing 2	`rhosdt/jaeger-agent-rhel8`	Affected
Red Hat OpenShift GitOps	`openshift-gitops-1/gitops-rhel8`	Will not fix
Red Hat OpenShift GitOps	`openshift-gitops-kam`	Affected
Red Hat OpenShift on AWS	`rosa`	Affected
Red Hat Openshift Sandboxed Containers	`openshift-sandboxed-containers/osc-rhel9-operator`	Out of support scope
Red Hat OpenShift Virtualization 4	`kubevirt`	Affected
Red Hat OpenStack Platform 16.2	`golang-github-infrawatch-apputils`	Not affected
Red Hat OpenStack Platform 16.2	`rhosp-rhel8/osp-director-agent`	Not affected
Red Hat OpenStack Platform 17.0	`collectd-libpod-stats`	Will not fix
Red Hat OpenStack Platform 17.0	`golang-github-infrawatch-apputils`	Will not fix
Red Hat Quay 3	`quay/clair-rhel8`	Affected
Red Hat Satellite 6	`foreman_ygg_worker`	Not affected
Red Hat Satellite 6	`satellite:el8/yggdrasil-worker-forwarder`	Not affected
Red Hat Satellite 6	`yggdrasil`	Not affected
Red Hat Satellite 6	`yggdrasil-worker-forwarder`	Not affected

Apply commands

bash fix

Apply RHSA-2023:4335 for CERT-MANAGER-1.10-RHEL-9

yum update -y cert-manager-operator-bundle-container-v1
# or:
dnf upgrade -y cert-manager-operator-bundle-container-v1

Affected

Vendor	Product	Version
redhat	Custom Metric Autoscaler operator for Red Hat Openshift	`Not affected`
redhat	Logging Subsystem for Red Hat OpenShift	`Not affected`
redhat	Node HealthCheck Operator	`Affected`
redhat	Node Maintenance Operator	`Affected`
redhat	OpenShift Developer Tools and Services	`Affected`
redhat	OpenShift Pipelines	`Affected`
redhat	Red Hat 3scale API Management Platform 2	`Affected`
redhat	Red Hat Advanced Cluster Management for Kubernetes 2	`Affected`
redhat	Red Hat Advanced Cluster Security 3	`Affected`
redhat	Red Hat AMQ Broker 7	`Affected`
redhat	Red Hat Ansible Automation Platform 2	`Affected`
redhat	Red Hat Application Interconnect 1.0	`Affected`
redhat	Red Hat Ceph Storage 5	`Affected`
redhat	Red Hat Enterprise Linux 8	`Affected`
redhat	Red Hat Enterprise Linux 8	`Affected`
redhat	Red Hat Enterprise Linux 8	`Affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat OpenShift Container Platform 4	`Affected`
redhat	Red Hat OpenShift Container Platform 4	`Affected`
redhat	Red Hat OpenShift Container Platform 4	`Affected`
redhat	Red Hat Openshift Data Foundation 4	`Not affected`
redhat	Red Hat Openshift Data Foundation 4	`Not affected`
redhat	Red Hat OpenShift Dev Spaces	`Affected`
redhat	Red Hat OpenShift distributed tracing 2	`Affected`

OS impact

OS	Version	Status	Fixed in
rocky	8	fixed
rhel	9	fixed
sles		affected
debian	bullseye	affected
debian	bookworm	fixed	`1.19.8-2`

Package impact

Ecosystem	Package	Vulnerable	Fixed
Go	stdlib	`>=1.20.0-0,<1.20.3`	`1.19.8`

References

Verify integrity in audit chain (admin only). AS-IS.