{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-33811", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-03-23T20:35:32.814Z", "datePublished": "2026-05-07T19:41:19.285Z", "dateUpdated": "2026-07-10T12:05:37.510Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-05-07T19:41:19.285Z" }, "title": "Crash when handling long CNAME response in net", "descriptions": [ { "lang": "en", "value": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash." } ], "affected": [ { "vendor": "Go standard library", "product": "net", "collectionURL": "https://pkg.go.dev", "packageName": "net", "versions": [ { "version": "0", "lessThan": "1.25.10", "status": "affected", "versionType": "semver" }, { "version": "1.26.0-0", "lessThan": "1.26.3", "status": "affected", "versionType": "semver" } ], "programRoutines": [ { "name": "cgoResSearch" }, { "name": "LookupCNAME" }, { "name": "Resolver.LookupCNAME" } ], "defaultStatus": "unaffected" } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "CWE-415: Double Free" } ] } ], "references": [ { "url": "https://go.dev/issue/78803" }, { "url": "https://go.dev/cl/767860" }, { "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M" }, { "url": "https://pkg.go.dev/vuln/GO-2026-4981" } ], "credits": [ { "lang": "en", "value": "hamayanhamayan" } ] }, "adp": [ { "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-08T14:25:39.702568Z", "id": "CVE-2026-33811", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-08T14:25:43.896Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "RHEM 1.0 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10.2" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 10)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 8)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 9)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:logging:6.4::el9" ], "defaultStatus": "affected", "product": "Logging Subsystem for Red Hat OpenShift 6.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.10::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.11::el9" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.9::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhdh:1.9::el9" ], "defaultStatus": "affected", "product": "Red Hat Developer Hub 1.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "Red Hat Edge Manager 1.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:hummingbird:1" ], "defaultStatus": "affected", "product": "Red Hat Hardened Images", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_builds:1.7::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Builds 1.7.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1.19::el8" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps 1.19", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1.20::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps 1.20", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_gitops:1.21::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps 1.21", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.1::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.2::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.3::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3.3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3.0::el9" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Service Mesh 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1.4::el9" ], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer 1.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:assisted_installer:2" ], "defaultStatus": "affected", "product": "Assisted Installer for Red Hat OpenShift Container Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_compliance_operator:1" ], "defaultStatus": "affected", "product": "Compliance Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:confidential_compute_attestation:1" ], "defaultStatus": "affected", "product": "Confidential Compute Attestation", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:cryostat:4" ], "defaultStatus": "affected", "product": "Cryostat 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" ], "defaultStatus": "affected", "product": "Custom Metric Autoscaler operator for Red Hat Openshift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:deployment_validator_operator" ], "defaultStatus": "affected", "product": "Deployment Validation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:external_secrets_operator:1" ], "defaultStatus": "affected", "product": "External Secrets Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_far:0" ], "defaultStatus": "affected", "product": "Fence Agents Remediation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_file_integrity_operator:1" ], "defaultStatus": "affected", "product": "File Integrity Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:gatekeeper:3" ], "defaultStatus": "affected", "product": "Gatekeeper 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:logging:6" ], "defaultStatus": "affected", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:lvms:4" ], "defaultStatus": "affected", "product": "Logical Volume Manager Storage", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_mdr:0" ], "defaultStatus": "affected", "product": "Machine Deletion Remediation Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:8" ], "defaultStatus": "affected", "product": "Migration Toolkit for Applications 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:rhmt:1" ], "defaultStatus": "affected", "product": "Migration Toolkit for Containers", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:mirror_registry:1" ], "defaultStatus": "affected", "product": "mirror registry for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:mirror_registry:2" ], "defaultStatus": "affected", "product": "mirror registry for Red Hat OpenShift 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multiarch_tuning_operator" ], "defaultStatus": "affected", "product": "Multiarch Tuning Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_globalhub" ], "defaultStatus": "affected", "product": "Multicluster Global Hub", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:network_observ_optr:1" ], "defaultStatus": "affected", "product": "Network Observability Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:workload_availability_nhc:0" ], "defaultStatus": "affected", "product": "Node HealthCheck Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_api_data_protection:1" ], "defaultStatus": "affected", "product": "OpenShift API for Data Protection", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ocp_tools" ], "defaultStatus": "affected", "product": "OpenShift Developer Tools and Services", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_lightspeed" ], "defaultStatus": "affected", "product": "OpenShift Lightspeed", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:source_to_image:1" ], "defaultStatus": "affected", "product": "OpenShift Source-to-Image (S2I)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_power_monitoring" ], "defaultStatus": "affected", "product": "Power monitoring for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "affected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "product": "Red Hat build of Apicurio Registry 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:5" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 5", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:6" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ceph_storage:9" ], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:certifications:9" ], "defaultStatus": "affected", "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:enterprise_linux_ai:3" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:lightspeed_for_runtimes:1" ], "defaultStatus": "affected", "product": "Red Hat Lightspeed for Runtimes Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_cluster_manager_cli:1" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Cluster Manager CLI", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:devworkspace" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Workspaces Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_distributed_tracing:3" ], "defaultStatus": "affected", "product": "Red Hat OpenShift distributed tracing 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:windows_machine_config" ], "defaultStatus": "affected", "product": "Red Hat OpenShift for Windows Containers", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_service_on_aws:1" ], "defaultStatus": "affected", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:16.2" ], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:17.1" ], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openstack:18.0" ], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "affected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_interconnect:1" ], "defaultStatus": "affected", "product": "Red Hat Service Interconnect 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_interconnect:2" ], "defaultStatus": "affected", "product": "Red Hat Service Interconnect 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:webterminal:1" ], "defaultStatus": "affected", "product": "Red Hat Web Terminal", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_security_profiles_operator:1" ], "defaultStatus": "affected", "product": "Security Profiles Operator", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:stf:1.5" ], "defaultStatus": "affected", "product": "Service Telemetry Framework 1.5", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_streams:3" ], "defaultStatus": "affected", "product": "streams for Apache Kafka 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:1" ], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:0" ], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager - Tech Preview", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:2" ], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:service_mesh:3" ], "defaultStatus": "unaffected", "product": "OpenShift Service Mesh 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_3scale_amp:2" ], "defaultStatus": "unaffected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:amq_clients:2023" ], "defaultStatus": "unaffected", "product": "Red Hat AMQ Clients", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "unaffected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" } ], "datePublic": "2026-05-07T19:41:19.285Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1341", "description": "Multiple Releases of Same Resource or Handle", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-33811" }, { "name": "RHBZ#2467822", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36796" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35832" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34357" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36776" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36617" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34359" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:34364" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36625" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36207" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36319" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33574" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36651" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23262" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:23264" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36648" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35994" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35993" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:35995" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33123" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33142" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33150" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33120" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36797" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:35832: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)" }, { "lang": "en", "value": "RHSA-2026:36776: Red Hat Enterprise Linux AppStream (v. 8)" }, { "lang": "en", "value": "RHSA-2026:36617: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)" }, { "lang": "en", "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4" }, { "lang": "en", "value": "RHSA-2026:36625: Red Hat Advanced Cluster Security for Kubernetes 4.10" }, { "lang": "en", "value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11" }, { "lang": "en", "value": "RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9" }, { "lang": "en", "value": "RHSA-2026:33574: Red Hat Developer Hub 1.9" }, { "lang": "en", "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0" }, { "lang": "en", "value": "RHSA-2026:23262: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:23264: Red Hat Hardened Images" }, { "lang": "en", "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4" }, { "lang": "en", "value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19" }, { "lang": "en", "value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20" }, { "lang": "en", "value": "RHSA-2026:35995: Red Hat OpenShift GitOps 1.21" }, { "lang": "en", "value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1" }, { "lang": "en", "value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2" }, { "lang": "en", "value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3" }, { "lang": "en", "value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3" }, { "lang": "en", "value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4" } ], "timeline": [ { "lang": "en", "time": "2026-05-07T20:01:34.913Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-05-07T19:41:19.285Z", "value": "Made public." } ], "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-10T12:05:37.510Z" } } ] } }