Red Hat Openshift Service On Aws
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Openshift Service On Aws.
By the Year
In 2026 there have been 1 vulnerability in Red Hat Openshift Service On Aws with an average score of 7.5 out of ten. Openshift Service On Aws did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.50 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.00 |
It may take a day or so for new Openshift Service On Aws vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Service On Aws Security Vulnerabilities
Negative DataRow Length in pgproto3 Leading to DoS
CVE-2026-4427
7.5 - High
- March 19, 2026
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.
out-of-bounds array index
Uninitialized Buffer in Go FIPS OpenSSL May Cause False HMAC Match
CVE-2024-9355
6.5 - Medium
- October 01, 2024
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Use of Uninitialized Variable
Memory Leak in Go RSA (golang-fips/openssl) Leads to Resource Exhaustion
CVE-2024-1394
7.5 - High
- March 21, 2024
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Memory Leak
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Openshift Service On Aws or by Red Hat? Click the Watch button to subscribe.
