Bug 1208853 (CVE-2022-41727) - VUL-0: CVE-2022-41727: TRACKERBUG: golang.org/x/image: Uncontrolled Resource Consumption
Summary: VUL-0: CVE-2022-41727: TRACKERBUG: golang.org/x/image: Uncontrolled Resource ...
Status: RESOLVED INVALID
Alias: CVE-2022-41727
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/358717/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-41727:6.2:(AV:...
Keywords:
Depends on: 1208854 1208858 1208859 1208860 1208861 1208862
Blocks:
  Show dependency treegraph
 
Reported: 2023-03-02 14:51 UTC by Cathy Hu
Modified: 2023-03-02 16:28 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Cathy Hu 2023-03-02 15:25:00 UTC 
Our scanners show golang.org/x/image with version < 0.5.0 embedded in:

- SUSE:SLE-15-SP3:Update:Products:MicroOS51:Update/ignition                 
- SUSE:SLE-15-SP3:Update:Products:MicroOS52:Update/ignition                 
- SUSE:SLE-15-SP4:Update/ignition                                           
- SUSE:SLE-15-SP4:Update:Products:Micro53:Update/ignition                   
- openSUSE:Backports:SLE-15-SP4/ignition                                    
- openSUSE:Factory/ignition
Comment 2 Cathy Hu 2023-03-02 15:26:26 UTC 
ignore my last comment, opened separate bug
Comment 3 Cathy Hu 2023-03-02 16:28:58 UTC 
Sorry, all entries were false positives, closing invalid.