CNNVD-202602-552 Information

CNNVD ID

CNNVD-202602-552

CVE-2026-25518

  • CNNVD Published: 2026-02-04

Description

cert-manager is an open-source certificate manager from the cert-manager project. It adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies obtaining, renewing and using those certificates. cert-manager versions 1.18.0 up to (but not including) 1.18.5 and versions 1.19.0 up to (but not including) 1.19.3 contain a code issue vulnerability. The vulnerability stems from DNS lookups using unencrypted DNS, which may allow a specially crafted entry to be inserted that triggers a kernel crash, resulting in a denial of service.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

cert-manager

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc
  • https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d
  • https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2
  • https://github.com/cert-manager/cert-manager/pull/8467
  • https://github.com/cert-manager/cert-manager/pull/8468
  • https://github.com/cert-manager/cert-manager/pull/8469
  • https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv

Patch

https://cert-manager.io/
