{
  "threat_severity" : "Moderate",
  "public_date" : "2023-02-28T00:00:00Z",
  "bugzilla" : {
    "description" : "golang.org/x/image: Uncontrolled Resource Consumption",
    "id" : "2174311",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2174311"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.", "A flaw was found in golang. This flaw allows an attacker to craft a malformed TIFF image, which will consume a significant amount of memory when passed to DecodeConfig, leading to a denial of service." ],
  "package_state" : [ {
    "product_name" : "cert-manager Operator for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "cert-manager/cert-manager-operator-rhel9",
    "cpe" : "cpe:/a:redhat:cert_manager:1"
  }, {
    "product_name" : "Cost Management Metrics Operator",
    "fix_state" : "Not affected",
    "package_name" : "costmanagement-metrics-operator-container",
    "cpe" : "cpe:/a:redhat:cost_management:1"
  }, {
    "product_name" : "Cryostat 2",
    "fix_state" : "Not affected",
    "package_name" : "cryostat-20-tech-preview/cryostat-rhel8-operator",
    "cpe" : "cpe:/a:redhat:cryostat:2"
  }, {
    "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift",
    "fix_state" : "Not affected",
    "package_name" : "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/logging-loki-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Migration Toolkit for Applications 6",
    "fix_state" : "Not affected",
    "package_name" : "mta/mta-hub-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6"
  }, {
    "product_name" : "Migration Toolkit for Containers",
    "fix_state" : "Not affected",
    "package_name" : "rhmtc/openshift-migration-velero-rhel8",
    "cpe" : "cpe:/a:redhat:rhmt:1"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "migration-toolkit-virtualization/mtv-controller-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "mirror registry for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "mirror-registry-container",
    "cpe" : "cpe:/a:redhat:mirror_registry:1"
  }, {
    "product_name" : "Node Maintenance Operator",
    "fix_state" : "Not affected",
    "package_name" : "workload-availability/node-maintenance-rhel8-operator",
    "cpe" : "cpe:/a:redhat:workload_availability_nmo:5"
  }, {
    "product_name" : "OpenShift API for Data Protection",
    "fix_state" : "Not affected",
    "package_name" : "oadp/oadp-velero-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1"
  }, {
    "product_name" : "OpenShift Secondary Scheduler Operator",
    "fix_state" : "Not affected",
    "package_name" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Not affected",
    "package_name" : "openshift-serverless-1/client-kn-rhel8",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-operator-container",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/thanos-rhel9",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Ceph Storage 5",
    "fix_state" : "Not affected",
    "package_name" : "rhceph/rhceph-5-dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:ceph_storage:5"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-etcd-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform Assisted Installer 1",
    "fix_state" : "Not affected",
    "package_name" : "rhai-tech-preview/assisted-installer-rhel8",
    "cpe" : "cpe:/a:redhat:assisted_installer:1"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ocs4/cephcsi-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/cephcsi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenShift Data Science (RHODS)",
    "fix_state" : "Not affected",
    "package_name" : "rhods/odh-mm-rest-proxy-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_science"
  }, {
    "product_name" : "Red Hat OpenShift distributed tracing 2",
    "fix_state" : "Not affected",
    "package_name" : "rhosdt/jaeger-agent-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Not affected",
    "package_name" : "openshift-gitops-1/gitops-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat Openshift Sandboxed Containers",
    "fix_state" : "Not affected",
    "package_name" : "openshift-sandboxed-containers/osc-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift_sandboxed_containers:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Not affected",
    "package_name" : "rhosp-rhel8/osp-director-agent",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Not affected",
    "package_name" : "quay/quay-builder-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Service Telemetry Framework 1.4 for RHEL 8",
    "fix_state" : "Not affected",
    "package_name" : "stf/sg-core-rhel8",
    "cpe" : "cpe:/a:redhat:stf:1.4::el8"
  }, {
    "product_name" : "Service Telemetry Framework 1.5",
    "fix_state" : "Not affected",
    "package_name" : "stf/sg-core-rhel8",
    "cpe" : "cpe:/a:redhat:stf:1.5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-41727\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41727" ],
  "name" : "CVE-2022-41727",
  "csaw" : false
}