CVE-2023-5625

Summary

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

Affected Software

VendorProductVersion RangeStatus
Red HatIronic content for Red Hat OpenShift Container Platform 4.120:0.30.2-4.el9 < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 80:0.30.2-4.el8ost < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 90:0.30.2-4.el9ost < *unaffected

Weaknesses

  • CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References