CVE Vulnerabilities

CVE-2025-22871

Published: Apr 08, 2025 | Modified: Apr 18, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x:
RedHat/V2:
RedHat/V3: 5.4 MODERATE (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)
Ubuntu: MEDIUM

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected Software

Name | Vendor | Start Version | End Version
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/lighthouse-agent-rhel9:v0.20.1-1 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/lighthouse-coredns-rhel9:v0.20.1-1 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/nettest-rhel9:v0.20.1-4 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/subctl-rhel9:v0.20.1-2 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/submariner-gateway-rhel9:v0.20.1-1 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/submariner-globalnet-rhel9:v0.20.1-2 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/submariner-operator-bundle:v0.20.1-1 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/submariner-rhel9-operator:v0.20.1-2 | *
Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | RedHat | rhacm2/submariner-route-agent-rhel9:v0.20.1-2 | *
Red Hat Enterprise Linux 10 | RedHat | golang-0:1.23.9-1.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | grafana-0:10.2.6-18.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | grafana-pcp-0:5.2.2-3.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | git-lfs-0:3.6.1-2.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | podman-6:5.4.0-10.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | buildah-2:1.39.4-2.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | skopeo-2:1.18.1-2.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | gvisor-tap-vsock-6:0.8.5-2.el10_0 | *
Red Hat Enterprise Linux 10 | RedHat | golang-github-openprinting-ipp-usb-0:0.9.27-3.el10_0 | *
Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8100020250602163653.a3795dee | *
Red Hat Enterprise Linux 8 | RedHat | grafana-0:9.2.10-25.el8_10 | *
Red Hat Enterprise Linux 8 | RedHat | grafana-pcp-0:5.1.1-10.el8_10 | *
Red Hat Enterprise Linux 8 | RedHat | git-lfs-0:3.4.1-5.el8_10 | *
Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8100020250610144746.afee755d | *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | go-toolset:rhel8-8040020250603012508.5081a262 | *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | grafana-pcp-0:3.0.2-2.el8_4 | *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | grafana-0:7.3.6-10.el8_4 | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | grafana-pcp-0:3.2.0-2.el8_6 | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | go-toolset:rhel8-8060020250609110611.97d7f71f | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | grafana-0:7.5.11-7.el8_6 | *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | git-lfs-0:2.13.3-3.el8_6.4 | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | grafana-pcp-0:3.2.0-2.el8_6 | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | go-toolset:rhel8-8060020250609110611.97d7f71f | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | grafana-0:7.5.11-7.el8_6 | *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | git-lfs-0:2.13.3-3.el8_6.4 | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | grafana-pcp-0:3.2.0-2.el8_6 | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | go-toolset:rhel8-8060020250609110611.97d7f71f | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | grafana-0:7.5.11-7.el8_6 | *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | git-lfs-0:2.13.3-3.el8_6.4 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | grafana-0:7.5.15-7.el8_8 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | go-toolset:rhel8-8080020250602234234.6b4b45d8 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | grafana-pcp-0:3.2.0-4.el8_8 | *
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | git-lfs-0:3.2.0-2.el8_8.4 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | grafana-0:7.5.15-7.el8_8 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | go-toolset:rhel8-8080020250602234234.6b4b45d8 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | grafana-pcp-0:3.2.0-4.el8_8 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | container-tools:rhel8-8080020250606083919.0f77c1b7 | *
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | git-lfs-0:3.2.0-2.el8_8.4 | *
Red Hat Enterprise Linux 9 | RedHat | golang-0:1.23.9-1.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | grafana-0:10.2.6-14.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | grafana-pcp-0:5.1.1-11.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | git-lfs-0:3.6.1-2.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | containernetworking-plugins-1:1.6.2-2.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | podman-5:5.4.0-10.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | skopeo-2:1.18.1-2.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | buildah-2:1.39.4-2.el9_6 | *
Red Hat Enterprise Linux 9 | RedHat | gvisor-tap-vsock-6:0.8.5-2.el9_6 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | grafana-pcp-0:3.2.0-4.el9_0 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | golang-0:1.17.13-6.el9_0 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | grafana-0:7.5.11-11.el9_0 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | containernetworking-plugins-1:1.0.1-6.el9_0.2 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | buildah-1:1.26.9-1.el9_0.1 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | podman-2:4.2.0-6.el9_0.4 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | skopeo-2:1.8.0-4.1.el9_0.1 | *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | git-lfs-0:2.13.3-5.el9_0.4 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | grafana-0:9.0.9-8.el9_2 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | golang-0:1.19.13-16.el9_2 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | grafana-pcp-0:5.1.1-3.el9_2 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | buildah-1:1.29.5-1.el9_2.1 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | skopeo-2:1.11.2-0.1.el9_2.3 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | containernetworking-plugins-1:1.2.0-3.el9_2.2 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | podman-2:4.4.1-22.el9_2.2 | *
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | git-lfs-0:3.2.0-2.el9_2.3 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | containernetworking-plugins-1:1.4.0-6.el9_4.1 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | gvisor-tap-vsock-6:0.7.3-5.el9_4.2 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | buildah-2:1.33.12-2.el9_4.1 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | skopeo-2:1.14.5-2.el9_4.1 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | podman-4:4.9.4-18.el9_4.1 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | grafana-0:9.2.10-23.el9_4 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | golang-0:1.21.13-9.el9_4 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | grafana-pcp-0:5.1.1-5.el9_4 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | git-lfs-0:3.4.1-4.el9_4.2 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-management-console-rhel8:1.36.0-6 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-operator-bundle:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-rhel8-operator:1.36.0-13 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-builder-rhel8:1.36.0-8 | *
RHOSS-1.36-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0-6 | *
Red Hat OpenShift AI 2.21 | RedHat | registry.redhat.io/rhoai/odh-rhel9-operator:sha256:533cd6282454e6c49cd90a2119386096626d2276a30e587ec436db89ad24bad9 | *
Red Hat OpenShift Service Mesh 3.0 | RedHat | registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:sha256:3a7f9a4d81b0c801a045b93d5fc0ea3f6bd051f6badf4dc1ec8d812a348d98e5 | *
Golang-1.23 | Ubuntu | upstream | *
Golang-1.24 | Ubuntu | upstream | *

References