{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-08T01:06:57Z",
  "bugzilla" : {
    "description" : "golang: cmd/compile: possible memory corruption after bound check elimination",
    "id" : "2456342",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-733",
  "details" : [ "Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.", "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption." ],
  "statement" : "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. For these reasons, this flaw has been rated as Moderate severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-23T00:00:00Z",
    "advisory" : "RHSA-2026:10217",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "golang-0:1.25.9-3.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16024",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "golang-0:1.25.9-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10704",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "go-toolset:rhel8-8100020260422204008.a3795dee"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-24T00:00:00Z",
    "advisory" : "RHSA-2026:10219",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "golang-0:1.25.9-1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16021",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "golang-0:1.25.9-1.el9_6"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-09T00:00:00Z",
    "advisory" : "RHSA-2026:7291",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "golang1-26-main-1.26.2-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-10T00:00:00Z",
    "advisory" : "RHSA-2026:7385",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "golang1-25-main-1.25.9-1.hum1"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-04-29T00:00:00Z",
    "advisory" : "RHSA-2026:11688",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/istio-cni-rhel8:1777374598"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-04-29T00:00:00Z",
    "advisory" : "RHSA-2026:11688",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/istio-rhel8-operator:1777320087"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-04-29T00:00:00Z",
    "advisory" : "RHSA-2026:11688",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/pilot-rhel8:1777319850"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-04-29T00:00:00Z",
    "advisory" : "RHSA-2026:11688",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/ratelimit-rhel8:1777319773"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16477",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/istio-cni-rhel9:1777883393"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16477",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/istio-pilot-rhel9:1777883471"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16477",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/istio-proxyv2-rhel9:1777984344"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16477",
    "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9",
    "package" : "openshift-service-mesh/istio-rhel9-operator:1778149127"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16505",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/istio-cni-rhel9:1777884045"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16505",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/istio-pilot-rhel9:1777884022"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16505",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/istio-proxyv2-rhel9:1778125216"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.1",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16505",
    "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9",
    "package" : "openshift-service-mesh/istio-rhel9-operator:1778149657"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16508",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/istio-cni-rhel9:1778007597"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16508",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/istio-pilot-rhel9:1778007366"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16508",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/istio-proxyv2-rhel9:1778103735"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.2",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16508",
    "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9",
    "package" : "openshift-service-mesh/istio-rhel9-operator:1778150474"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16537",
    "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9",
    "package" : "openshift-service-mesh/istio-cni-rhel9:1778007548"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16537",
    "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9",
    "package" : "openshift-service-mesh/istio-pilot-rhel9:1778007569"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16537",
    "cpe" : "cpe:/a:redhat:service_mesh:3.3::el9",
    "package" : "openshift-service-mesh/istio-proxyv2-rhel9:1778012399"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Not affected",
    "package_name" : "openshift-golang-builder-container",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Affected",
    "package_name" : "openshift-service-mesh/proxyv2-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Not affected",
    "package_name" : "openshift-golang-builder-container",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "go-toolset",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "golang",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift-golang-builder-container",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "openshift-golang-builder-container",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27143\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27143\nhttps://go.dev/cl/763765\nhttps://go.dev/issue/78333\nhttps://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\nhttps://pkg.go.dev/vuln/GO-2026-4868" ],
  "name" : "CVE-2026-27143",
  "mitigation" : {
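    "value" : "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur. Because the flaw is in the compiler, this input validation only reduces exposure; affected programs still carry it until they are rebuilt with a fixed Go toolchain.",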
    "lang" : "en:us"
  },
  "csaw" : false
}