Main Vulnerability Database SB2021033059

SB2021033059 - Incorrect calculation in Red Hat OpenShift Container Platform 4.7

Published: March 30, 2021

Security Bulletin ID SB2021033059

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect calculation (CVE-ID: CVE-2021-3114)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect calculation performed by the application in "crypto/elliptic/p224.go". A remote attacker can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2021:0958

Vulnerable Software

Red Hat OpenShift Container Platform: before 4.7.4
openshift-ansible (Red Hat package): before 4.7.0-202103181433.p0.git.0.729df27.el7
python-oslo-log (Red Hat package): before 4.4.0-0.20210310191258.9b29c90.el8
python-ironic-lib (Red Hat package): before 4.4.1-0.20210129211219.7ac01e1.el8
openstack-ironic-python-agent (Red Hat package): before 6.4.4-0.20210310142329.99b9953.el8
openshift-kuryr (Red Hat package): before 4.7.0-202103171728.p0.git.2502.8383c08.el8
openshift-clients (Red Hat package): before 4.7.0-202103191426.p0.git.3953.f3a7513.el7
openshift (Red Hat package): before 4.7.0-202103181538.p0.git.97109.7576cdc.el7
ironic-images (Red Hat package): before 15.2-20210315.1.el8
cri-o (Red Hat package): before 1.20.2-3.rhaos4.7.gitfecc319.el7
NetworkManager (Red Hat package): before 1.26.0-14.1.rhaos4.7.el8