Bug 2456339 (CVE-2026-32280) - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
Summary: CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnera...
Keywords:
Status: NEW
Alias: CVE-2026-32280
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2457792
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-08 02:01 UTC by OSIDB Bzimport
Modified: 2026-06-10 09:49 UTC (History)
130 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:10217 0 None None None 2026-04-23 21:35:57 UTC
Red Hat Product Errata RHSA-2026:10219 0 None None None 2026-04-24 02:33:44 UTC
Red Hat Product Errata RHSA-2026:10704 0 None None None 2026-04-27 02:09:39 UTC
Red Hat Product Errata RHSA-2026:11507 0 None None None 2026-04-29 07:28:18 UTC
Red Hat Product Errata RHSA-2026:11514 0 None None None 2026-04-29 08:02:13 UTC
Red Hat Product Errata RHSA-2026:14200 0 None None None 2026-05-06 15:29:54 UTC
Red Hat Product Errata RHSA-2026:14391 0 None None None 2026-05-06 21:10:20 UTC
Red Hat Product Errata RHSA-2026:15980 0 None None None 2026-05-11 12:18:14 UTC
Red Hat Product Errata RHSA-2026:16021 0 None None None 2026-05-11 18:31:51 UTC
Red Hat Product Errata RHSA-2026:16024 0 None None None 2026-05-11 16:19:48 UTC
Red Hat Product Errata RHSA-2026:16875 0 None None None 2026-05-13 08:00:00 UTC
Red Hat Product Errata RHSA-2026:17084 0 None None None 2026-05-13 15:36:48 UTC
Red Hat Product Errata RHSA-2026:17287 0 None None None 2026-05-13 19:25:07 UTC
Red Hat Product Errata RHSA-2026:18027 0 None None None 2026-05-18 08:56:34 UTC
Red Hat Product Errata RHSA-2026:18032 0 None None None 2026-05-18 09:21:25 UTC
Red Hat Product Errata RHSA-2026:19133 0 None None None 2026-05-19 16:06:38 UTC
Red Hat Product Errata RHSA-2026:19135 0 None None None 2026-05-19 16:07:56 UTC
Red Hat Product Errata RHSA-2026:19144 0 None None None 2026-05-19 16:09:28 UTC
Red Hat Product Errata RHSA-2026:19350 0 None None None 2026-05-19 21:37:52 UTC
Red Hat Product Errata RHSA-2026:19353 0 None None None 2026-05-19 21:39:38 UTC
Red Hat Product Errata RHSA-2026:19550 0 None None None 2026-05-20 08:28:47 UTC
Red Hat Product Errata RHSA-2026:19634 0 None None None 2026-05-20 13:06:31 UTC
Red Hat Product Errata RHSA-2026:19714 0 None None None 2026-05-20 16:19:28 UTC
Red Hat Product Errata RHSA-2026:19715 0 None None None 2026-05-20 16:20:58 UTC
Red Hat Product Errata RHSA-2026:19719 0 None None None 2026-05-20 16:41:28 UTC
Red Hat Product Errata RHSA-2026:19720 0 None None None 2026-05-20 16:53:57 UTC
Red Hat Product Errata RHSA-2026:19721 0 None None None 2026-05-20 16:48:26 UTC
Red Hat Product Errata RHSA-2026:19722 0 None None None 2026-05-20 16:56:15 UTC
Red Hat Product Errata RHSA-2026:19750 0 None None None 2026-05-20 17:23:21 UTC
Red Hat Product Errata RHSA-2026:19839 0 None None None 2026-05-20 23:53:19 UTC
Red Hat Product Errata RHSA-2026:20556 0 None None None 2026-05-26 03:42:17 UTC
Red Hat Product Errata RHSA-2026:20569 0 None None None 2026-05-26 03:20:20 UTC
Red Hat Product Errata RHSA-2026:20570 0 None None None 2026-05-26 03:17:21 UTC
Red Hat Product Errata RHSA-2026:20571 0 None None None 2026-05-26 03:20:58 UTC
Red Hat Product Errata RHSA-2026:20607 0 None None None 2026-05-26 05:31:26 UTC
Red Hat Product Errata RHSA-2026:20608 0 None None None 2026-05-26 05:36:02 UTC
Red Hat Product Errata RHSA-2026:20609 0 None None None 2026-05-26 05:17:44 UTC
Red Hat Product Errata RHSA-2026:21655 0 None None None 2026-06-03 14:20:59 UTC
Red Hat Product Errata RHSA-2026:22130 0 None None None 2026-06-01 01:32:40 UTC
Red Hat Product Errata RHSA-2026:22141 0 None None None 2026-06-01 02:07:43 UTC
Red Hat Product Errata RHSA-2026:22309 0 None None None 2026-06-01 11:50:11 UTC
Red Hat Product Errata RHSA-2026:22709 0 None None None 2026-06-03 07:20:08 UTC
Red Hat Product Errata RHSA-2026:22713 0 None None None 2026-06-03 07:43:32 UTC
Red Hat Product Errata RHSA-2026:23102 0 None None None 2026-06-04 02:05:09 UTC
Red Hat Product Errata RHSA-2026:23103 0 None None None 2026-06-04 01:42:18 UTC
Red Hat Product Errata RHSA-2026:23244 0 None None None 2026-06-10 09:49:23 UTC
Red Hat Product Errata RHSA-2026:24337 0 None None None 2026-06-08 01:46:48 UTC
Red Hat Product Errata RHSA-2026:24470 0 None None None 2026-06-08 13:15:56 UTC
Red Hat Product Errata RHSA-2026:24716 0 None None None 2026-06-09 06:47:38 UTC
Red Hat Product Errata RHSA-2026:24761 0 None None None 2026-06-09 11:03:49 UTC
Red Hat Product Errata RHSA-2026:24762 0 None None None 2026-06-09 11:02:17 UTC

Description OSIDB Bzimport 2026-04-08 02:01:42 UTC 
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Comment 2 errata-xmlrpc 2026-04-23 21:35:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10217 https://access.redhat.com/errata/RHSA-2026:10217
Comment 3 errata-xmlrpc 2026-04-24 02:33:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10219 https://access.redhat.com/errata/RHSA-2026:10219
Comment 4 errata-xmlrpc 2026-04-27 02:09:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10704 https://access.redhat.com/errata/RHSA-2026:10704
Comment 5 errata-xmlrpc 2026-04-29 07:28:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11507 https://access.redhat.com/errata/RHSA-2026:11507
Comment 6 errata-xmlrpc 2026-04-29 08:02:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11514 https://access.redhat.com/errata/RHSA-2026:11514
Comment 9 errata-xmlrpc 2026-05-06 15:29:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:14200 https://access.redhat.com/errata/RHSA-2026:14200
Comment 10 errata-xmlrpc 2026-05-06 21:10:11 UTC 
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:14391 https://access.redhat.com/errata/RHSA-2026:14391
Comment 11 errata-xmlrpc 2026-05-11 12:18:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:15980 https://access.redhat.com/errata/RHSA-2026:15980
Comment 12 errata-xmlrpc 2026-05-11 16:19:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:16024 https://access.redhat.com/errata/RHSA-2026:16024
Comment 13 errata-xmlrpc 2026-05-11 18:31:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:16021 https://access.redhat.com/errata/RHSA-2026:16021
Comment 14 errata-xmlrpc 2026-05-13 07:59:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:16875 https://access.redhat.com/errata/RHSA-2026:16875
Comment 15 errata-xmlrpc 2026-05-13 15:36:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17084 https://access.redhat.com/errata/RHSA-2026:17084
Comment 16 errata-xmlrpc 2026-05-13 19:25:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:17287 https://access.redhat.com/errata/RHSA-2026:17287
Comment 17 errata-xmlrpc 2026-05-18 08:56:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18027 https://access.redhat.com/errata/RHSA-2026:18027
Comment 18 errata-xmlrpc 2026-05-18 09:21:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18032 https://access.redhat.com/errata/RHSA-2026:18032
Comment 19 errata-xmlrpc 2026-05-19 16:06:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19133 https://access.redhat.com/errata/RHSA-2026:19133
Comment 20 errata-xmlrpc 2026-05-19 16:07:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19135 https://access.redhat.com/errata/RHSA-2026:19135
Comment 21 errata-xmlrpc 2026-05-19 16:09:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19144 https://access.redhat.com/errata/RHSA-2026:19144
Comment 22 errata-xmlrpc 2026-05-19 21:37:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19350 https://access.redhat.com/errata/RHSA-2026:19350
Comment 23 errata-xmlrpc 2026-05-19 21:39:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19353 https://access.redhat.com/errata/RHSA-2026:19353
Comment 24 errata-xmlrpc 2026-05-20 08:28:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19550 https://access.redhat.com/errata/RHSA-2026:19550
Comment 25 errata-xmlrpc 2026-05-20 13:06:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:19634 https://access.redhat.com/errata/RHSA-2026:19634
Comment 26 errata-xmlrpc 2026-05-20 16:19:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19714 https://access.redhat.com/errata/RHSA-2026:19714
Comment 27 errata-xmlrpc 2026-05-20 16:20:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19715 https://access.redhat.com/errata/RHSA-2026:19715
Comment 28 errata-xmlrpc 2026-05-20 16:41:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19719 https://access.redhat.com/errata/RHSA-2026:19719
Comment 29 errata-xmlrpc 2026-05-20 16:48:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:19721 https://access.redhat.com/errata/RHSA-2026:19721
Comment 30 errata-xmlrpc 2026-05-20 16:53:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19720 https://access.redhat.com/errata/RHSA-2026:19720
Comment 31 errata-xmlrpc 2026-05-20 16:56:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19722 https://access.redhat.com/errata/RHSA-2026:19722
Comment 32 errata-xmlrpc 2026-05-20 17:23:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19750 https://access.redhat.com/errata/RHSA-2026:19750
Comment 33 errata-xmlrpc 2026-05-20 23:53:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19839 https://access.redhat.com/errata/RHSA-2026:19839
Comment 35 errata-xmlrpc 2026-05-26 03:17:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20570 https://access.redhat.com/errata/RHSA-2026:20570
Comment 36 errata-xmlrpc 2026-05-26 03:20:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20569 https://access.redhat.com/errata/RHSA-2026:20569
Comment 37 errata-xmlrpc 2026-05-26 03:20:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20571 https://access.redhat.com/errata/RHSA-2026:20571
Comment 38 errata-xmlrpc 2026-05-26 03:42:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20556 https://access.redhat.com/errata/RHSA-2026:20556
Comment 39 errata-xmlrpc 2026-05-26 05:17:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20609 https://access.redhat.com/errata/RHSA-2026:20609
Comment 40 errata-xmlrpc 2026-05-26 05:31:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20607 https://access.redhat.com/errata/RHSA-2026:20607
Comment 41 errata-xmlrpc 2026-05-26 05:35:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20608 https://access.redhat.com/errata/RHSA-2026:20608
Comment 42 errata-xmlrpc 2026-06-01 01:32:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22130 https://access.redhat.com/errata/RHSA-2026:22130
Comment 43 errata-xmlrpc 2026-06-01 02:07:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22141 https://access.redhat.com/errata/RHSA-2026:22141
Comment 44 errata-xmlrpc 2026-06-01 11:50:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:22309 https://access.redhat.com/errata/RHSA-2026:22309
Comment 45 errata-xmlrpc 2026-06-03 07:20:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22709 https://access.redhat.com/errata/RHSA-2026:22709
Comment 46 errata-xmlrpc 2026-06-03 07:43:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:22713 https://access.redhat.com/errata/RHSA-2026:22713
Comment 47 errata-xmlrpc 2026-06-03 14:20:51 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:21655 https://access.redhat.com/errata/RHSA-2026:21655
Comment 48 errata-xmlrpc 2026-06-04 01:42:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:23103 https://access.redhat.com/errata/RHSA-2026:23103
Comment 49 errata-xmlrpc 2026-06-04 02:05:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:23102 https://access.redhat.com/errata/RHSA-2026:23102
Comment 50 errata-xmlrpc 2026-06-08 01:46:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:24337 https://access.redhat.com/errata/RHSA-2026:24337
Comment 51 errata-xmlrpc 2026-06-08 13:15:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:24470 https://access.redhat.com/errata/RHSA-2026:24470
Comment 52 errata-xmlrpc 2026-06-09 06:47:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:24716 https://access.redhat.com/errata/RHSA-2026:24716
Comment 53 errata-xmlrpc 2026-06-09 11:02:10 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 9
  Red Hat Ansible Automation Platform 2.6 for RHEL 10

Via RHSA-2026:24762 https://access.redhat.com/errata/RHSA-2026:24762
Comment 54 errata-xmlrpc 2026-06-09 11:03:42 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2026:24761 https://access.redhat.com/errata/RHSA-2026:24761
Comment 55 errata-xmlrpc 2026-06-10 09:49:16 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2026:23244 https://access.redhat.com/errata/RHSA-2026:23244
Note You need to log in before you can comment on or make changes to this bug.