Red Hat Openshift Container Storage
Recent Red Hat Openshift Container Storage Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2022:0308 | (RHSA-2022:0308) Moderate: OpenShift Container Storage 3.11.z security and bug fix update | January 27, 2022 |
| RHSA-2021:4845 | (RHSA-2021:4845) Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update | November 29, 2021 |
| RHSA-2021:3748 | (RHSA-2021:3748) Moderate: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update | October 7, 2021 |
| RHSA-2021:2479 | (RHSA-2021:2479) Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update | June 17, 2021 |
| RHSA-2021:2042 | (RHSA-2021:2042) Moderate: Red Hat OpenShift Container Storage 4.7 RPM security, bug fix, and enhancement update | May 19, 2021 |
| RHSA-2021:2041 | (RHSA-2021:2041) Moderate: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update | May 19, 2021 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Openshift Container Storage. Openshift Container Storage did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 0.00 |
| 2021 | 1 | 9.10 |
| 2020 | 1 | 6.50 |
It may take a day or so for new Openshift Container Storage vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Container Storage Security Vulnerabilities
Uninitialized Buffer in Go FIPS OpenSSL May Cause False HMAC Match
CVE-2024-9355
6.5 - Medium
- October 01, 2024
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Use of Uninitialized Variable
Memory Leak in Go RSA (golang-fips/openssl) Leads to Resource Exhaustion
CVE-2024-1394
7.5 - High
- March 21, 2024
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Memory Leak
Key-Length Flaw in RHEL Ceph Storage Encrypts Disk with Weak Keys
CVE-2021-3979
- August 25, 2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Use of a Broken or Risky Cryptographic Algorithm
An out-of-bounds read flaw was found in the CLARRV
CVE-2021-4048
9.1 - Critical
- December 08, 2021
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Out-of-bounds Read
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects
CVE-2020-1700
6.5 - Medium
- February 07, 2020
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts, resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition through a pile-up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources and preventing legitimate users from connecting to the system.
Resource Exhaustion