Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go | Golang | * | 1.25.9 (excluding) |
| Go | Golang | 1.26.0 (including) | 1.26.2 (excluding) |
| Cryostat 4 on RHEL 9 | RedHat | cryostat/cryostat-rhel9-operator:4.2.0-15 | * |
| Cryostat 4 on RHEL 9 | RedHat | cryostat/cryostat-storage-rhel9:4.2.0-16 | * |
| HawtIO HawtIO 4.4.0 | RedHat | rhbac-4-tech-preview/hawtio-rhel8-operator | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-0:1.25.9-3.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | opentelemetry-collector-0:0.144.0-2.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | go-fdo-client-0:1.0.0-4.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | go-fdo-server-0:1.0.1-2.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | delve-0:1.26.1-2.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | podman-7:5.8.2-3.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | yggdrasil-0:0.4.9-5.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1 | * |
| Red Hat Enterprise Linux 10 | RedHat | skopeo-2:1.22.2-2.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | buildah-2:1.43.1-2.el10_2 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | golang-0:1.25.9-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | grafana-pcp-0:5.2.2-6.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | grafana-0:10.2.6-24.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | yggdrasil-0:0.4.7-4.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | opentelemetry-collector-0:0.144.0-2.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | buildah-2:1.39.9-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | podman-6:5.4.0-15.el10_0.2 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | skopeo-2:1.18.1-3.el10_0.2 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | rhc-1:0.3.2-4.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | delve-0:1.25.2-4.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | osbuild-composer-0:134.1-8.el10_0 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | host-metering-0:1.4.0-7.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8100020260520103055.afee755d | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.25.9-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | opentelemetry-collector-0:0.144.0-2.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | rhc-1:0.2.7-7.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | podman-6:5.8.2-3.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | skopeo-2:1.22.2-6.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | buildah-2:1.43.1-2.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | runc-4:1.4.2-2.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | containernetworking-plugins-1:1.9.0-3.el9_8 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | opentelemetry-collector-0:0.144.0-2.el9_4 | * |
| Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | RedHat | buildah-2:1.33.15-1.el9_4.1 | * |
| Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | RedHat | podman-4:4.9.4-20.el9_4.3 | * |
| Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | RedHat | skopeo-2:1.14.6-1.el9_4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | golang-0:1.25.9-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | opentelemetry-collector-0:0.144.0-2.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | grafana-pcp-0:5.1.1-14.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | grafana-0:10.2.6-21.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | rhc-1:0.2.7-1.el9_6.4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | osbuild-composer-0:132.2-8.el9_6 | * |
| Red Hat Satellite 6.16 for RHEL 8 | RedHat | yggdrasil-worker-forwarder-0:0.0.3-5.el8sat | * |
| Red Hat Satellite 6.16 for RHEL 9 | RedHat | yggdrasil-worker-forwarder-0:0.0.3-5.el9sat | * |
| Red Hat Satellite 6.19 for RHEL 9 | RedHat | yggdrasil-worker-forwarder-0:0.0.3-5.el9sat | * |
| Custom Metric Autoscaler 2.19 | RedHat | custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9:1780101236 | * |
| Logging Subsystem for Red Hat OpenShift 6.0 | RedHat | openshift-logging/logging-loki-rhel9:1781193075 | * |
| Logging Subsystem for Red Hat OpenShift 6.4 | RedHat | openshift-logging/logging-loki-rhel9:1780051809 | * |
| Mirror registry for Red Hat OpenShift 2.0 | RedHat | openshift/mirror-registry-rhel8:1782177012 | * |
| Multicluster Global Hub 1.4.5 | RedHat | multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779579439 | * |
| Multicluster Global Hub 1.5.4 | RedHat | multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753 | * |
| Multicluster Global Hub 1.6.2 | RedHat | multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118 | * |
| Multicluster Global Hub 1.7.1 | RedHat | multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779925273 | * |
| Network Observability (NETOBSERV) 1.12.0 | RedHat | network-observability/network-observability-flowlogs-pipeline-rhel9:1780555437 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-kubevirt-velero-plugin-rhel9:1779243307 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-mustgather-rhel9:1779770049 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-rhel9-operator:1779847451 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-plugin-for-aws-rhel9:1779243113 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-plugin-for-gcp-rhel9:1779243915 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-plugin-for-legacy-aws-rhel9:1779243074 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-plugin-for-microsoft-azure-rhel9:1779243128 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-plugin-rhel9:1779243793 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-restic-restore-helper-rhel9:1779809597 | * |
| OpenShift API for Data Protection 1.4 | RedHat | oadp/oadp-velero-rhel9:1779809598 | * |
| OpenShift API for Data Protection 1.5 | RedHat | oadp/oadp-velero-rhel9:1779808027 | * |
| OpenShift Compliance Operator 1 | RedHat | compliance/openshift-compliance-operator-bundle:1781605005 | * |
| OpenShift Developer Tools and Services 1.6.2 | RedHat | source-to-image/source-to-image-rhel8:1780247935 | * |
| OpenShift Developer Tools and Services 1.6.2 | RedHat | source-to-image/source-to-image-rhel9:1780247727 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-main-rhel8:1777976489 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-rhel8-operator:1777976489 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-roxctl-rhel8:1777976489 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-scanner-v4-rhel8:1777976489 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-scanner-rhel8:1778755463 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.10 | RedHat | advanced-cluster-security/rhacs-scanner-slim-rhel8:1778755463 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | RedHat | advanced-cluster-security/rhacs-main-rhel8:1777986630 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | RedHat | advanced-cluster-security/rhacs-rhel8-operator:1777986630 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | RedHat | advanced-cluster-security/rhacs-roxctl-rhel8:1777986630 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | RedHat | advanced-cluster-security/rhacs-scanner-v4-rhel8:1777986630 | * |
| Red Hat Advanced Cluster Security for Kubernetes 4.9 | RedHat | advanced-cluster-security/rhacs-main-rhel8:1779371594 | * |
| Red Hat Developer Hub 1.8 | RedHat | rhdh/rhdh-rhel9-operator:1779841292 | * |
| Red Hat Developer Hub 1.9 | RedHat | rhdh/rhdh-rhel9-operator:1781187028 | * |
| Red Hat Hardened Images | RedHat | golang1-26-main-1.26.2-1.hum1 | * |
| Red Hat Hardened Images | RedHat | golang1-25-main-1.25.9-1.hum1 | * |
| Red Hat Lightspeed (formerly Insights) for Runtimes 1 | RedHat | rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.3-1779996197 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-rhel9:1781589494 | * |
| Red Hat OpenShift GitOps 1.18 | RedHat | openshift-gitops-1/dex-rhel8:1779116359 | * |
| Red Hat OpenShift GitOps 1.19 | RedHat | openshift-gitops-1/dex-rhel8:1779209965 | * |
| Red Hat OpenShift GitOps 1.2 | RedHat | openshift-gitops-1/dex-rhel9:1779284768 | * |
| Red Hat OpenShift Service Mesh 2.6 | RedHat | openshift-service-mesh/kiali-rhel8:1779520348 | * |
| Red Hat OpenShift Service Mesh 3.0 | RedHat | openshift-service-mesh/kiali-rhel9:1779520253 | * |
| Red Hat OpenShift Service Mesh 3.0 | RedHat | openshift-service-mesh/kiali-rhel9:1780916345 | * |
| Red Hat OpenShift Service Mesh 3.1 | RedHat | openshift-service-mesh/kiali-rhel9:1779520433 | * |
| Red Hat OpenShift Service Mesh 3.1 | RedHat | openshift-service-mesh/kiali-rhel9:1780916478 | * |
| Red Hat OpenShift Service Mesh 3.2 | RedHat | openshift-service-mesh/kiali-rhel9:1779520857 | * |
| Red Hat OpenShift Service Mesh 3.2 | RedHat | openshift-service-mesh/kiali-rhel9:1780916392 | * |
| Red Hat OpenShift Service Mesh 3.3 | RedHat | openshift-service-mesh/kiali-rhel9:1779520708 | * |
| Red Hat OpenShift Service Mesh 3.3 | RedHat | openshift-service-mesh/kiali-rhel9:1780997438 | * |
| Red Hat Quay 3.10 | RedHat | quay/quay-rhel8:1779822261 | * |
| Red Hat Quay 3.12 | RedHat | quay/quay-rhel8:1779811412 | * |
| Red Hat Quay 3.14 | RedHat | quay/quay-rhel8:1779689392 | * |
| Red Hat Quay 3.17 | RedHat | quay/quay-rhel9:1779922205 | * |
| Red Hat Quay 3.9 | RedHat | quay/quay-rhel8:1779811473 | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/gitsign-rhel9:1780052587 | * |
| Golang-1.10 | Ubuntu | esm-infra/xenial | * |
| Golang-1.13 | Ubuntu | esm-apps/xenial | * |
| Golang-1.18 | Ubuntu | esm-apps/xenial | * |
| Golang-1.6 | Ubuntu | esm-infra/xenial | * |